Mercurial > trustbridge > nss-cmake-static

comparison nss/lib/freebl/sha512.c @ 0:1e5118fa0cb1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:1e5118fa0cb1
1 /*
2 * sha512.c - implementation of SHA224, SHA256, SHA384 and SHA512
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
8 #ifdef FREEBL_NO_DEPEND
9 #include "stubs.h"
10 #endif
11
12 #include "prcpucfg.h"
13 #if defined(NSS_X86) || defined(SHA_NO_LONG_LONG)
14 #define NOUNROLL512 1
15 #undef HAVE_LONG_LONG
16 #endif
17 #include "prtypes.h" /* for PRUintXX */
18 #include "prlong.h"
19 #include "secport.h" /* for PORT_XXX */
20 #include "blapi.h"
21 #include "sha256.h" /* for struct SHA256ContextStr */
22
23 /* ============= Common constants and defines ======================= */
24
25 #define W ctx->u.w
26 #define B ctx->u.b
27 #define H ctx->h
28
29 #define SHR(x,n) (x >> n)
30 #define SHL(x,n) (x << n)
31 #define Ch(x,y,z) ((x & y) ^ (~x & z))
32 #define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
33 #define SHA_MIN(a,b) (a < b ? a : b)
34
35 /* Padding used with all flavors of SHA */
36 static const PRUint8 pad[240] = {
37 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
38 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
39 /* compiler will fill the rest in with zeros */
40 };
41
42 /* ============= SHA256 implementation ================================== */
43
44 /* SHA-256 constants, K256. */
45 static const PRUint32 K256[64] = {
46 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
47 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
48 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
49 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
50 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
51 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
52 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
53 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
54 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
55 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
56 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
57 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
58 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
59 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
60 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
61 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
62 };
63
64 /* SHA-256 initial hash values */
65 static const PRUint32 H256[8] = {
66 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
67 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
68 };
69
70 #if (_MSC_VER >= 1300)
71 #include <stdlib.h>
72 #pragma intrinsic(_byteswap_ulong)
73 #define SHA_HTONL(x) _byteswap_ulong(x)
74 #define BYTESWAP4(x) x = SHA_HTONL(x)
75 #elif defined(_MSC_VER) && defined(NSS_X86_OR_X64)
76 #ifndef FORCEINLINE
77 #if (_MSC_VER >= 1200)
78 #define FORCEINLINE __forceinline
79 #else
80 #define FORCEINLINE __inline
81 #endif
82 #endif
83 #define FASTCALL __fastcall
84
85 static FORCEINLINE PRUint32 FASTCALL
86 swap4b(PRUint32 dwd)
87 {
88 __asm {
89 mov eax,dwd
90 bswap eax
91 }
92 }
93
94 #define SHA_HTONL(x) swap4b(x)
95 #define BYTESWAP4(x) x = SHA_HTONL(x)
96
97 #elif defined(__GNUC__) && defined(NSS_X86_OR_X64)
98 static __inline__ PRUint32 swap4b(PRUint32 value)
99 {
100 __asm__("bswap %0" : "+r" (value));
101 return (value);
102 }
103 #define SHA_HTONL(x) swap4b(x)
104 #define BYTESWAP4(x) x = SHA_HTONL(x)
105
106 #elif defined(__GNUC__) && (defined(__thumb2__) || \
107 (!defined(__thumb__) && \
108 (defined(__ARM_ARCH_6__) || \
109 defined(__ARM_ARCH_6J__) || \
110 defined(__ARM_ARCH_6K__) || \
111 defined(__ARM_ARCH_6Z__) || \
112 defined(__ARM_ARCH_6ZK__) || \
113 defined(__ARM_ARCH_6T2__) || \
114 defined(__ARM_ARCH_7__) || \
115 defined(__ARM_ARCH_7A__) || \
116 defined(__ARM_ARCH_7R__))))
117 static __inline__ PRUint32 swap4b(PRUint32 value)
118 {
119 PRUint32 ret;
120 __asm__("rev %0, %1" : "=r" (ret) : "r"(value));
121 return ret;
122 }
123 #define SHA_HTONL(x) swap4b(x)
124 #define BYTESWAP4(x) x = SHA_HTONL(x)
125
126 #else
127 #define SWAP4MASK 0x00FF00FF
128 #define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \
129 ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK))
130 #define BYTESWAP4(x) x = SHA_HTONL(x)
131 #endif
132
133 #if defined(_MSC_VER)
134 #pragma intrinsic (_lrotr, _lrotl)
135 #define ROTR32(x,n) _lrotr(x,n)
136 #define ROTL32(x,n) _lrotl(x,n)
137 #else
138 #define ROTR32(x,n) ((x >> n) | (x << ((8 * sizeof x) - n)))
139 #define ROTL32(x,n) ((x << n) | (x >> ((8 * sizeof x) - n)))
140 #endif
141
142 /* Capitol Sigma and lower case sigma functions */
143 #define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22))
144 #define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25))
145 #define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3))
146 #define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10))
147
148 SHA256Context *
149 SHA256_NewContext(void)
150 {
151 SHA256Context *ctx = PORT_New(SHA256Context);
152 return ctx;
153 }
154
155 void
156 SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)
157 {
158 memset(ctx, 0, sizeof *ctx);
159 if (freeit) {
160 PORT_Free(ctx);
161 }
162 }
163
164 void
165 SHA256_Begin(SHA256Context *ctx)
166 {
167 memset(ctx, 0, sizeof *ctx);
168 memcpy(H, H256, sizeof H256);
169 }
170
171 static void
172 SHA256_Compress(SHA256Context *ctx)
173 {
174 {
175 register PRUint32 t1, t2;
176
177 #if defined(IS_LITTLE_ENDIAN)
178 BYTESWAP4(W[0]);
179 BYTESWAP4(W[1]);
180 BYTESWAP4(W[2]);
181 BYTESWAP4(W[3]);
182 BYTESWAP4(W[4]);
183 BYTESWAP4(W[5]);
184 BYTESWAP4(W[6]);
185 BYTESWAP4(W[7]);
186 BYTESWAP4(W[8]);
187 BYTESWAP4(W[9]);
188 BYTESWAP4(W[10]);
189 BYTESWAP4(W[11]);
190 BYTESWAP4(W[12]);
191 BYTESWAP4(W[13]);
192 BYTESWAP4(W[14]);
193 BYTESWAP4(W[15]);
194 #endif
195
196 #define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
197
198 /* prepare the "message schedule" */
199 #ifdef NOUNROLL256
200 {
201 int t;
202 for (t = 16; t < 64; ++t) {
203 INITW(t);
204 }
205 }
206 #else
207 INITW(16);
208 INITW(17);
209 INITW(18);
210 INITW(19);
211
212 INITW(20);
213 INITW(21);
214 INITW(22);
215 INITW(23);
216 INITW(24);
217 INITW(25);
218 INITW(26);
219 INITW(27);
220 INITW(28);
221 INITW(29);
222
223 INITW(30);
224 INITW(31);
225 INITW(32);
226 INITW(33);
227 INITW(34);
228 INITW(35);
229 INITW(36);
230 INITW(37);
231 INITW(38);
232 INITW(39);
233
234 INITW(40);
235 INITW(41);
236 INITW(42);
237 INITW(43);
238 INITW(44);
239 INITW(45);
240 INITW(46);
241 INITW(47);
242 INITW(48);
243 INITW(49);
244
245 INITW(50);
246 INITW(51);
247 INITW(52);
248 INITW(53);
249 INITW(54);
250 INITW(55);
251 INITW(56);
252 INITW(57);
253 INITW(58);
254 INITW(59);
255
256 INITW(60);
257 INITW(61);
258 INITW(62);
259 INITW(63);
260
261 #endif
262 #undef INITW
263 }
264 {
265 PRUint32 a, b, c, d, e, f, g, h;
266
267 a = H[0];
268 b = H[1];
269 c = H[2];
270 d = H[3];
271 e = H[4];
272 f = H[5];
273 g = H[6];
274 h = H[7];
275
276 #define ROUND(n,a,b,c,d,e,f,g,h) \
277 h += S1(e) + Ch(e,f,g) + K256[n] + W[n]; \
278 d += h; \
279 h += S0(a) + Maj(a,b,c);
280
281 #ifdef NOUNROLL256
282 {
283 int t;
284 for (t = 0; t < 64; t+= 8) {
285 ROUND(t+0,a,b,c,d,e,f,g,h)
286 ROUND(t+1,h,a,b,c,d,e,f,g)
287 ROUND(t+2,g,h,a,b,c,d,e,f)
288 ROUND(t+3,f,g,h,a,b,c,d,e)
289 ROUND(t+4,e,f,g,h,a,b,c,d)
290 ROUND(t+5,d,e,f,g,h,a,b,c)
291 ROUND(t+6,c,d,e,f,g,h,a,b)
292 ROUND(t+7,b,c,d,e,f,g,h,a)
293 }
294 }
295 #else
296 ROUND( 0,a,b,c,d,e,f,g,h)
297 ROUND( 1,h,a,b,c,d,e,f,g)
298 ROUND( 2,g,h,a,b,c,d,e,f)
299 ROUND( 3,f,g,h,a,b,c,d,e)
300 ROUND( 4,e,f,g,h,a,b,c,d)
301 ROUND( 5,d,e,f,g,h,a,b,c)
302 ROUND( 6,c,d,e,f,g,h,a,b)
303 ROUND( 7,b,c,d,e,f,g,h,a)
304
305 ROUND( 8,a,b,c,d,e,f,g,h)
306 ROUND( 9,h,a,b,c,d,e,f,g)
307 ROUND(10,g,h,a,b,c,d,e,f)
308 ROUND(11,f,g,h,a,b,c,d,e)
309 ROUND(12,e,f,g,h,a,b,c,d)
310 ROUND(13,d,e,f,g,h,a,b,c)
311 ROUND(14,c,d,e,f,g,h,a,b)
312 ROUND(15,b,c,d,e,f,g,h,a)
313
314 ROUND(16,a,b,c,d,e,f,g,h)
315 ROUND(17,h,a,b,c,d,e,f,g)
316 ROUND(18,g,h,a,b,c,d,e,f)
317 ROUND(19,f,g,h,a,b,c,d,e)
318 ROUND(20,e,f,g,h,a,b,c,d)
319 ROUND(21,d,e,f,g,h,a,b,c)
320 ROUND(22,c,d,e,f,g,h,a,b)
321 ROUND(23,b,c,d,e,f,g,h,a)
322
323 ROUND(24,a,b,c,d,e,f,g,h)
324 ROUND(25,h,a,b,c,d,e,f,g)
325 ROUND(26,g,h,a,b,c,d,e,f)
326 ROUND(27,f,g,h,a,b,c,d,e)
327 ROUND(28,e,f,g,h,a,b,c,d)
328 ROUND(29,d,e,f,g,h,a,b,c)
329 ROUND(30,c,d,e,f,g,h,a,b)
330 ROUND(31,b,c,d,e,f,g,h,a)
331
332 ROUND(32,a,b,c,d,e,f,g,h)
333 ROUND(33,h,a,b,c,d,e,f,g)
334 ROUND(34,g,h,a,b,c,d,e,f)
335 ROUND(35,f,g,h,a,b,c,d,e)
336 ROUND(36,e,f,g,h,a,b,c,d)
337 ROUND(37,d,e,f,g,h,a,b,c)
338 ROUND(38,c,d,e,f,g,h,a,b)
339 ROUND(39,b,c,d,e,f,g,h,a)
340
341 ROUND(40,a,b,c,d,e,f,g,h)
342 ROUND(41,h,a,b,c,d,e,f,g)
343 ROUND(42,g,h,a,b,c,d,e,f)
344 ROUND(43,f,g,h,a,b,c,d,e)
345 ROUND(44,e,f,g,h,a,b,c,d)
346 ROUND(45,d,e,f,g,h,a,b,c)
347 ROUND(46,c,d,e,f,g,h,a,b)
348 ROUND(47,b,c,d,e,f,g,h,a)
349
350 ROUND(48,a,b,c,d,e,f,g,h)
351 ROUND(49,h,a,b,c,d,e,f,g)
352 ROUND(50,g,h,a,b,c,d,e,f)
353 ROUND(51,f,g,h,a,b,c,d,e)
354 ROUND(52,e,f,g,h,a,b,c,d)
355 ROUND(53,d,e,f,g,h,a,b,c)
356 ROUND(54,c,d,e,f,g,h,a,b)
357 ROUND(55,b,c,d,e,f,g,h,a)
358
359 ROUND(56,a,b,c,d,e,f,g,h)
360 ROUND(57,h,a,b,c,d,e,f,g)
361 ROUND(58,g,h,a,b,c,d,e,f)
362 ROUND(59,f,g,h,a,b,c,d,e)
363 ROUND(60,e,f,g,h,a,b,c,d)
364 ROUND(61,d,e,f,g,h,a,b,c)
365 ROUND(62,c,d,e,f,g,h,a,b)
366 ROUND(63,b,c,d,e,f,g,h,a)
367 #endif
368
369 H[0] += a;
370 H[1] += b;
371 H[2] += c;
372 H[3] += d;
373 H[4] += e;
374 H[5] += f;
375 H[6] += g;
376 H[7] += h;
377 }
378 #undef ROUND
379 }
380
381 #undef s0
382 #undef s1
383 #undef S0
384 #undef S1
385
386 void
387 SHA256_Update(SHA256Context *ctx, const unsigned char *input,
388 unsigned int inputLen)
389 {
390 unsigned int inBuf = ctx->sizeLo & 0x3f;
391 if (!inputLen)
392 return;
393
394 /* Add inputLen into the count of bytes processed, before processing */
395 if ((ctx->sizeLo += inputLen) < inputLen)
396 ctx->sizeHi++;
397
398 /* if data already in buffer, attemp to fill rest of buffer */
399 if (inBuf) {
400 unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;
401 if (inputLen < todo)
402 todo = inputLen;
403 memcpy(B + inBuf, input, todo);
404 input += todo;
405 inputLen -= todo;
406 if (inBuf + todo == SHA256_BLOCK_LENGTH)
407 SHA256_Compress(ctx);
408 }
409
410 /* if enough data to fill one or more whole buffers, process them. */
411 while (inputLen >= SHA256_BLOCK_LENGTH) {
412 memcpy(B, input, SHA256_BLOCK_LENGTH);
413 input += SHA256_BLOCK_LENGTH;
414 inputLen -= SHA256_BLOCK_LENGTH;
415 SHA256_Compress(ctx);
416 }
417 /* if data left over, fill it into buffer */
418 if (inputLen)
419 memcpy(B, input, inputLen);
420 }
421
422 void
423 SHA256_End(SHA256Context *ctx, unsigned char *digest,
424 unsigned int *digestLen, unsigned int maxDigestLen)
425 {
426 unsigned int inBuf = ctx->sizeLo & 0x3f;
427 unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf);
428 PRUint32 hi, lo;
429 #ifdef SWAP4MASK
430 PRUint32 t1;
431 #endif
432
433 hi = (ctx->sizeHi << 3) | (ctx->sizeLo >> 29);
434 lo = (ctx->sizeLo << 3);
435
436 SHA256_Update(ctx, pad, padLen);
437
438 #if defined(IS_LITTLE_ENDIAN)
439 W[14] = SHA_HTONL(hi);
440 W[15] = SHA_HTONL(lo);
441 #else
442 W[14] = hi;
443 W[15] = lo;
444 #endif
445 SHA256_Compress(ctx);
446
447 /* now output the answer */
448 #if defined(IS_LITTLE_ENDIAN)
449 BYTESWAP4(H[0]);
450 BYTESWAP4(H[1]);
451 BYTESWAP4(H[2]);
452 BYTESWAP4(H[3]);
453 BYTESWAP4(H[4]);
454 BYTESWAP4(H[5]);
455 BYTESWAP4(H[6]);
456 BYTESWAP4(H[7]);
457 #endif
458 padLen = PR_MIN(SHA256_LENGTH, maxDigestLen);
459 memcpy(digest, H, padLen);
460 if (digestLen)
461 *digestLen = padLen;
462 }
463
464 void
465 SHA256_EndRaw(SHA256Context *ctx, unsigned char *digest,
466 unsigned int *digestLen, unsigned int maxDigestLen)
467 {
468 PRUint32 h[8];
469 unsigned int len;
470 #ifdef SWAP4MASK
471 PRUint32 t1;
472 #endif
473
474 memcpy(h, ctx->h, sizeof(h));
475
476 #if defined(IS_LITTLE_ENDIAN)
477 BYTESWAP4(h[0]);
478 BYTESWAP4(h[1]);
479 BYTESWAP4(h[2]);
480 BYTESWAP4(h[3]);
481 BYTESWAP4(h[4]);
482 BYTESWAP4(h[5]);
483 BYTESWAP4(h[6]);
484 BYTESWAP4(h[7]);
485 #endif
486
487 len = PR_MIN(SHA256_LENGTH, maxDigestLen);
488 memcpy(digest, h, len);
489 if (digestLen)
490 *digestLen = len;
491 }
492
493 SECStatus
494 SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
495 PRUint32 src_length)
496 {
497 SHA256Context ctx;
498 unsigned int outLen;
499
500 SHA256_Begin(&ctx);
501 SHA256_Update(&ctx, src, src_length);
502 SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH);
503 memset(&ctx, 0, sizeof ctx);
504
505 return SECSuccess;
506 }
507
508
509 SECStatus
510 SHA256_Hash(unsigned char *dest, const char *src)
511 {
512 return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
513 }
514
515
516 void SHA256_TraceState(SHA256Context *ctx) { }
517
518 unsigned int
519 SHA256_FlattenSize(SHA256Context *ctx)
520 {
521 return sizeof *ctx;
522 }
523
524 SECStatus
525 SHA256_Flatten(SHA256Context *ctx,unsigned char *space)
526 {
527 PORT_Memcpy(space, ctx, sizeof *ctx);
528 return SECSuccess;
529 }
530
531 SHA256Context *
532 SHA256_Resurrect(unsigned char *space, void *arg)
533 {
534 SHA256Context *ctx = SHA256_NewContext();
535 if (ctx)
536 PORT_Memcpy(ctx, space, sizeof *ctx);
537 return ctx;
538 }
539
540 void SHA256_Clone(SHA256Context *dest, SHA256Context *src)
541 {
542 memcpy(dest, src, sizeof *dest);
543 }
544
545 /* ============= SHA224 implementation ================================== */
546
547 /* SHA-224 initial hash values */
548 static const PRUint32 H224[8] = {
549 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
550 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
551 };
552
553 SHA224Context *
554 SHA224_NewContext(void)
555 {
556 return SHA256_NewContext();
557 }
558
559 void
560 SHA224_DestroyContext(SHA224Context *ctx, PRBool freeit)
561 {
562 SHA256_DestroyContext(ctx, freeit);
563 }
564
565 void
566 SHA224_Begin(SHA224Context *ctx)
567 {
568 memset(ctx, 0, sizeof *ctx);
569 memcpy(H, H224, sizeof H224);
570 }
571
572 void
573 SHA224_Update(SHA224Context *ctx, const unsigned char *input,
574 unsigned int inputLen)
575 {
576 SHA256_Update(ctx, input, inputLen);
577 }
578
579 void
580 SHA224_End(SHA256Context *ctx, unsigned char *digest,
581 unsigned int *digestLen, unsigned int maxDigestLen)
582 {
583 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);
584 SHA256_End(ctx, digest, digestLen, maxLen);
585 }
586
587 void
588 SHA224_EndRaw(SHA256Context *ctx, unsigned char *digest,
589 unsigned int *digestLen, unsigned int maxDigestLen)
590 {
591 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);
592 SHA256_EndRaw(ctx, digest, digestLen, maxLen);
593 }
594
595 SECStatus
596 SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
597 PRUint32 src_length)
598 {
599 SHA256Context ctx;
600 unsigned int outLen;
601
602 SHA224_Begin(&ctx);
603 SHA256_Update(&ctx, src, src_length);
604 SHA256_End(&ctx, dest, &outLen, SHA224_LENGTH);
605 memset(&ctx, 0, sizeof ctx);
606
607 return SECSuccess;
608 }
609
610 SECStatus
611 SHA224_Hash(unsigned char *dest, const char *src)
612 {
613 return SHA224_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
614 }
615
616 void SHA224_TraceState(SHA224Context *ctx) { }
617
618 unsigned int
619 SHA224_FlattenSize(SHA224Context *ctx)
620 {
621 return SHA256_FlattenSize(ctx);
622 }
623
624 SECStatus
625 SHA224_Flatten(SHA224Context *ctx, unsigned char *space)
626 {
627 return SHA256_Flatten(ctx, space);
628 }
629
630 SHA224Context *
631 SHA224_Resurrect(unsigned char *space, void *arg)
632 {
633 return SHA256_Resurrect(space, arg);
634 }
635
636 void SHA224_Clone(SHA224Context *dest, SHA224Context *src)
637 {
638 SHA256_Clone(dest, src);
639 }
640
641
642 /* ======= SHA512 and SHA384 common constants and defines ================= */
643
644 /* common #defines for SHA512 and SHA384 */
645 #if defined(HAVE_LONG_LONG)
646 #if defined(_MSC_VER)
647 #pragma intrinsic(_rotr64,_rotl64)
648 #define ROTR64(x,n) _rotr64(x,n)
649 #define ROTL64(x,n) _rotl64(x,n)
650 #else
651 #define ROTR64(x,n) ((x >> n) | (x << (64 - n)))
652 #define ROTL64(x,n) ((x << n) | (x >> (64 - n)))
653 #endif
654
655 #define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39))
656 #define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41))
657 #define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7))
658 #define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6))
659
660 #if PR_BYTES_PER_LONG == 8
661 #define ULLC(hi,lo) 0x ## hi ## lo ## UL
662 #elif defined(_MSC_VER)
663 #define ULLC(hi,lo) 0x ## hi ## lo ## ui64
664 #else
665 #define ULLC(hi,lo) 0x ## hi ## lo ## ULL
666 #endif
667
668 #if defined(_MSC_VER)
669 #pragma intrinsic(_byteswap_uint64)
670 #define SHA_HTONLL(x) _byteswap_uint64(x)
671
672 #elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64))
673 static __inline__ PRUint64 swap8b(PRUint64 value)
674 {
675 __asm__("bswapq %0" : "+r" (value));
676 return (value);
677 }
678 #define SHA_HTONLL(x) swap8b(x)
679
680 #else
681 #define SHA_MASK16 ULLC(0000FFFF,0000FFFF)
682 #define SHA_MASK8 ULLC(00FF00FF,00FF00FF)
683 #define SHA_HTONLL(x) (t1 = x, \
684 t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ), \
685 t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \
686 (t1 >> 32) | (t1 << 32))
687 #endif
688 #define BYTESWAP8(x) x = SHA_HTONLL(x)
689
690 #else /* no long long */
691
692 #if defined(IS_LITTLE_ENDIAN)
693 #define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U }
694 #else
695 #define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U }
696 #endif
697
698 #define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
699 x.hi ^= x.lo ^= x.hi ^= x.lo, x)
700 #define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \
701 tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0)
702 #endif
703
704 /* SHA-384 and SHA-512 constants, K512. */
705 static const PRUint64 K512[80] = {
706 #if PR_BYTES_PER_LONG == 8
707 0x428a2f98d728ae22UL , 0x7137449123ef65cdUL ,
708 0xb5c0fbcfec4d3b2fUL , 0xe9b5dba58189dbbcUL ,
709 0x3956c25bf348b538UL , 0x59f111f1b605d019UL ,
710 0x923f82a4af194f9bUL , 0xab1c5ed5da6d8118UL ,
711 0xd807aa98a3030242UL , 0x12835b0145706fbeUL ,
712 0x243185be4ee4b28cUL , 0x550c7dc3d5ffb4e2UL ,
713 0x72be5d74f27b896fUL , 0x80deb1fe3b1696b1UL ,
714 0x9bdc06a725c71235UL , 0xc19bf174cf692694UL ,
715 0xe49b69c19ef14ad2UL , 0xefbe4786384f25e3UL ,
716 0x0fc19dc68b8cd5b5UL , 0x240ca1cc77ac9c65UL ,
717 0x2de92c6f592b0275UL , 0x4a7484aa6ea6e483UL ,
718 0x5cb0a9dcbd41fbd4UL , 0x76f988da831153b5UL ,
719 0x983e5152ee66dfabUL , 0xa831c66d2db43210UL ,
720 0xb00327c898fb213fUL , 0xbf597fc7beef0ee4UL ,
721 0xc6e00bf33da88fc2UL , 0xd5a79147930aa725UL ,
722 0x06ca6351e003826fUL , 0x142929670a0e6e70UL ,
723 0x27b70a8546d22ffcUL , 0x2e1b21385c26c926UL ,
724 0x4d2c6dfc5ac42aedUL , 0x53380d139d95b3dfUL ,
725 0x650a73548baf63deUL , 0x766a0abb3c77b2a8UL ,
726 0x81c2c92e47edaee6UL , 0x92722c851482353bUL ,
727 0xa2bfe8a14cf10364UL , 0xa81a664bbc423001UL ,
728 0xc24b8b70d0f89791UL , 0xc76c51a30654be30UL ,
729 0xd192e819d6ef5218UL , 0xd69906245565a910UL ,
730 0xf40e35855771202aUL , 0x106aa07032bbd1b8UL ,
731 0x19a4c116b8d2d0c8UL , 0x1e376c085141ab53UL ,
732 0x2748774cdf8eeb99UL , 0x34b0bcb5e19b48a8UL ,
733 0x391c0cb3c5c95a63UL , 0x4ed8aa4ae3418acbUL ,
734 0x5b9cca4f7763e373UL , 0x682e6ff3d6b2b8a3UL ,
735 0x748f82ee5defb2fcUL , 0x78a5636f43172f60UL ,
736 0x84c87814a1f0ab72UL , 0x8cc702081a6439ecUL ,
737 0x90befffa23631e28UL , 0xa4506cebde82bde9UL ,
738 0xbef9a3f7b2c67915UL , 0xc67178f2e372532bUL ,
739 0xca273eceea26619cUL , 0xd186b8c721c0c207UL ,
740 0xeada7dd6cde0eb1eUL , 0xf57d4f7fee6ed178UL ,
741 0x06f067aa72176fbaUL , 0x0a637dc5a2c898a6UL ,
742 0x113f9804bef90daeUL , 0x1b710b35131c471bUL ,
743 0x28db77f523047d84UL , 0x32caab7b40c72493UL ,
744 0x3c9ebe0a15c9bebcUL , 0x431d67c49c100d4cUL ,
745 0x4cc5d4becb3e42b6UL , 0x597f299cfc657e2aUL ,
746 0x5fcb6fab3ad6faecUL , 0x6c44198c4a475817UL
747 #else
748 ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd),
749 ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc),
750 ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019),
751 ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118),
752 ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe),
753 ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2),
754 ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1),
755 ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694),
756 ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3),
757 ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65),
758 ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483),
759 ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5),
760 ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210),
761 ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4),
762 ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725),
763 ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70),
764 ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926),
765 ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df),
766 ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8),
767 ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b),
768 ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001),
769 ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30),
770 ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910),
771 ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8),
772 ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53),
773 ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8),
774 ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb),
775 ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3),
776 ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60),
777 ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec),
778 ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9),
779 ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b),
780 ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207),
781 ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178),
782 ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6),
783 ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b),
784 ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493),
785 ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c),
786 ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a),
787 ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817)
788 #endif
789 };
790
791 struct SHA512ContextStr {
792 union {
793 PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */
794 PRUint32 l[160];
795 PRUint8 b[640];
796 } u;
797 PRUint64 h[8]; /* 8 state variables */
798 PRUint64 sizeLo; /* 64-bit count of hashed bytes. */
799 };
800
801 /* =========== SHA512 implementation ===================================== */
802
803 /* SHA-512 initial hash values */
804 static const PRUint64 H512[8] = {
805 #if PR_BYTES_PER_LONG == 8
806 0x6a09e667f3bcc908UL , 0xbb67ae8584caa73bUL ,
807 0x3c6ef372fe94f82bUL , 0xa54ff53a5f1d36f1UL ,
808 0x510e527fade682d1UL , 0x9b05688c2b3e6c1fUL ,
809 0x1f83d9abfb41bd6bUL , 0x5be0cd19137e2179UL
810 #else
811 ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b),
812 ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1),
813 ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f),
814 ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179)
815 #endif
816 };
817
818
819 SHA512Context *
820 SHA512_NewContext(void)
821 {
822 SHA512Context *ctx = PORT_New(SHA512Context);
823 return ctx;
824 }
825
826 void
827 SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)
828 {
829 memset(ctx, 0, sizeof *ctx);
830 if (freeit) {
831 PORT_Free(ctx);
832 }
833 }
834
835 void
836 SHA512_Begin(SHA512Context *ctx)
837 {
838 memset(ctx, 0, sizeof *ctx);
839 memcpy(H, H512, sizeof H512);
840 }
841
842 #if defined(SHA512_TRACE)
843 #if defined(HAVE_LONG_LONG)
844 #define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \
845 n, #e, d, #a, h);
846 #else
847 #define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \
848 n, #e, d.hi, d.lo, #a, h.hi, h.lo);
849 #endif
850 #else
851 #define DUMP(n,a,d,e,h)
852 #endif
853
854 #if defined(HAVE_LONG_LONG)
855
856 #define ADDTO(x,y) y += x
857
858 #define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
859
860 #define ROUND(n,a,b,c,d,e,f,g,h) \
861 h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \
862 d += h; \
863 h += S0(a) + Maj(a,b,c); \
864 DUMP(n,a,d,e,h)
865
866 #else /* use only 32-bit variables, and don't unroll loops */
867
868 #undef NOUNROLL512
869 #define NOUNROLL512 1
870
871 #define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo)
872
873 #define ROTR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
874 #define ROTR64A(x,n,lo,hi) (x.lo << (64-n) | x.hi >> (n-32))
875 #define SHR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
876
877 /* Capitol Sigma and lower case sigma functions */
878 #define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi))
879 #define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7))
880
881 #define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi))
882 #define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6))
883
884 #define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi))
885 #define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo))
886
887 #define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi))
888 #define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo))
889
890 /* 32-bit versions of Ch and Maj */
891 #define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))
892 #define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))
893
894 #define INITW(t) \
895 do { \
896 PRUint32 lo, tm; \
897 PRUint32 cy = 0; \
898 lo = s1lo(W[t-2]); \
899 lo += (tm = W[t-7].lo); if (lo < tm) cy++; \
900 lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \
901 lo += (tm = W[t-16].lo); if (lo < tm) cy++; \
902 W[t].lo = lo; \
903 W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \
904 } while (0)
905
906 #define ROUND(n,a,b,c,d,e,f,g,h) \
907 { \
908 PRUint32 lo, tm, cy; \
909 lo = S1lo(e); \
910 lo += (tm = Chxx(e,f,g,lo)); cy = (lo < tm); \
911 lo += (tm = K512[n].lo); if (lo < tm) cy++; \
912 lo += (tm = W[n].lo); if (lo < tm) cy++; \
913 h.lo += lo; if (h.lo < lo) cy++; \
914 h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \
915 d.lo += h.lo; \
916 d.hi += h.hi + (d.lo < h.lo); \
917 lo = S0lo(a); \
918 lo += (tm = Majx(a,b,c,lo)); cy = (lo < tm); \
919 h.lo += lo; if (h.lo < lo) cy++; \
920 h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \
921 DUMP(n,a,d,e,h) \
922 }
923 #endif
924
925 static void
926 SHA512_Compress(SHA512Context *ctx)
927 {
928 #if defined(IS_LITTLE_ENDIAN)
929 {
930 #if defined(HAVE_LONG_LONG)
931 PRUint64 t1;
932 #else
933 PRUint32 t1;
934 #endif
935 BYTESWAP8(W[0]);
936 BYTESWAP8(W[1]);
937 BYTESWAP8(W[2]);
938 BYTESWAP8(W[3]);
939 BYTESWAP8(W[4]);
940 BYTESWAP8(W[5]);
941 BYTESWAP8(W[6]);
942 BYTESWAP8(W[7]);
943 BYTESWAP8(W[8]);
944 BYTESWAP8(W[9]);
945 BYTESWAP8(W[10]);
946 BYTESWAP8(W[11]);
947 BYTESWAP8(W[12]);
948 BYTESWAP8(W[13]);
949 BYTESWAP8(W[14]);
950 BYTESWAP8(W[15]);
951 }
952 #endif
953
954 {
955 PRUint64 t1, t2;
956 #ifdef NOUNROLL512
957 {
958 /* prepare the "message schedule" */
959 int t;
960 for (t = 16; t < 80; ++t) {
961 INITW(t);
962 }
963 }
964 #else
965 INITW(16);
966 INITW(17);
967 INITW(18);
968 INITW(19);
969
970 INITW(20);
971 INITW(21);
972 INITW(22);
973 INITW(23);
974 INITW(24);
975 INITW(25);
976 INITW(26);
977 INITW(27);
978 INITW(28);
979 INITW(29);
980
981 INITW(30);
982 INITW(31);
983 INITW(32);
984 INITW(33);
985 INITW(34);
986 INITW(35);
987 INITW(36);
988 INITW(37);
989 INITW(38);
990 INITW(39);
991
992 INITW(40);
993 INITW(41);
994 INITW(42);
995 INITW(43);
996 INITW(44);
997 INITW(45);
998 INITW(46);
999 INITW(47);
1000 INITW(48);
1001 INITW(49);
1002
1003 INITW(50);
1004 INITW(51);
1005 INITW(52);
1006 INITW(53);
1007 INITW(54);
1008 INITW(55);
1009 INITW(56);
1010 INITW(57);
1011 INITW(58);
1012 INITW(59);
1013
1014 INITW(60);
1015 INITW(61);
1016 INITW(62);
1017 INITW(63);
1018 INITW(64);
1019 INITW(65);
1020 INITW(66);
1021 INITW(67);
1022 INITW(68);
1023 INITW(69);
1024
1025 INITW(70);
1026 INITW(71);
1027 INITW(72);
1028 INITW(73);
1029 INITW(74);
1030 INITW(75);
1031 INITW(76);
1032 INITW(77);
1033 INITW(78);
1034 INITW(79);
1035 #endif
1036 }
1037 #ifdef SHA512_TRACE
1038 {
1039 int i;
1040 for (i = 0; i < 80; ++i) {
1041 #ifdef HAVE_LONG_LONG
1042 printf("W[%2d] = %016lx\n", i, W[i]);
1043 #else
1044 printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);
1045 #endif
1046 }
1047 }
1048 #endif
1049 {
1050 PRUint64 a, b, c, d, e, f, g, h;
1051
1052 a = H[0];
1053 b = H[1];
1054 c = H[2];
1055 d = H[3];
1056 e = H[4];
1057 f = H[5];
1058 g = H[6];
1059 h = H[7];
1060
1061 #ifdef NOUNROLL512
1062 {
1063 int t;
1064 for (t = 0; t < 80; t+= 8) {
1065 ROUND(t+0,a,b,c,d,e,f,g,h)
1066 ROUND(t+1,h,a,b,c,d,e,f,g)
1067 ROUND(t+2,g,h,a,b,c,d,e,f)
1068 ROUND(t+3,f,g,h,a,b,c,d,e)
1069 ROUND(t+4,e,f,g,h,a,b,c,d)
1070 ROUND(t+5,d,e,f,g,h,a,b,c)
1071 ROUND(t+6,c,d,e,f,g,h,a,b)
1072 ROUND(t+7,b,c,d,e,f,g,h,a)
1073 }
1074 }
1075 #else
1076 ROUND( 0,a,b,c,d,e,f,g,h)
1077 ROUND( 1,h,a,b,c,d,e,f,g)
1078 ROUND( 2,g,h,a,b,c,d,e,f)
1079 ROUND( 3,f,g,h,a,b,c,d,e)
1080 ROUND( 4,e,f,g,h,a,b,c,d)
1081 ROUND( 5,d,e,f,g,h,a,b,c)
1082 ROUND( 6,c,d,e,f,g,h,a,b)
1083 ROUND( 7,b,c,d,e,f,g,h,a)
1084
1085 ROUND( 8,a,b,c,d,e,f,g,h)
1086 ROUND( 9,h,a,b,c,d,e,f,g)
1087 ROUND(10,g,h,a,b,c,d,e,f)
1088 ROUND(11,f,g,h,a,b,c,d,e)
1089 ROUND(12,e,f,g,h,a,b,c,d)
1090 ROUND(13,d,e,f,g,h,a,b,c)
1091 ROUND(14,c,d,e,f,g,h,a,b)
1092 ROUND(15,b,c,d,e,f,g,h,a)
1093
1094 ROUND(16,a,b,c,d,e,f,g,h)
1095 ROUND(17,h,a,b,c,d,e,f,g)
1096 ROUND(18,g,h,a,b,c,d,e,f)
1097 ROUND(19,f,g,h,a,b,c,d,e)
1098 ROUND(20,e,f,g,h,a,b,c,d)
1099 ROUND(21,d,e,f,g,h,a,b,c)
1100 ROUND(22,c,d,e,f,g,h,a,b)
1101 ROUND(23,b,c,d,e,f,g,h,a)
1102
1103 ROUND(24,a,b,c,d,e,f,g,h)
1104 ROUND(25,h,a,b,c,d,e,f,g)
1105 ROUND(26,g,h,a,b,c,d,e,f)
1106 ROUND(27,f,g,h,a,b,c,d,e)
1107 ROUND(28,e,f,g,h,a,b,c,d)
1108 ROUND(29,d,e,f,g,h,a,b,c)
1109 ROUND(30,c,d,e,f,g,h,a,b)
1110 ROUND(31,b,c,d,e,f,g,h,a)
1111
1112 ROUND(32,a,b,c,d,e,f,g,h)
1113 ROUND(33,h,a,b,c,d,e,f,g)
1114 ROUND(34,g,h,a,b,c,d,e,f)
1115 ROUND(35,f,g,h,a,b,c,d,e)
1116 ROUND(36,e,f,g,h,a,b,c,d)
1117 ROUND(37,d,e,f,g,h,a,b,c)
1118 ROUND(38,c,d,e,f,g,h,a,b)
1119 ROUND(39,b,c,d,e,f,g,h,a)
1120
1121 ROUND(40,a,b,c,d,e,f,g,h)
1122 ROUND(41,h,a,b,c,d,e,f,g)
1123 ROUND(42,g,h,a,b,c,d,e,f)
1124 ROUND(43,f,g,h,a,b,c,d,e)
1125 ROUND(44,e,f,g,h,a,b,c,d)
1126 ROUND(45,d,e,f,g,h,a,b,c)
1127 ROUND(46,c,d,e,f,g,h,a,b)
1128 ROUND(47,b,c,d,e,f,g,h,a)
1129
1130 ROUND(48,a,b,c,d,e,f,g,h)
1131 ROUND(49,h,a,b,c,d,e,f,g)
1132 ROUND(50,g,h,a,b,c,d,e,f)
1133 ROUND(51,f,g,h,a,b,c,d,e)
1134 ROUND(52,e,f,g,h,a,b,c,d)
1135 ROUND(53,d,e,f,g,h,a,b,c)
1136 ROUND(54,c,d,e,f,g,h,a,b)
1137 ROUND(55,b,c,d,e,f,g,h,a)
1138
1139 ROUND(56,a,b,c,d,e,f,g,h)
1140 ROUND(57,h,a,b,c,d,e,f,g)
1141 ROUND(58,g,h,a,b,c,d,e,f)
1142 ROUND(59,f,g,h,a,b,c,d,e)
1143 ROUND(60,e,f,g,h,a,b,c,d)
1144 ROUND(61,d,e,f,g,h,a,b,c)
1145 ROUND(62,c,d,e,f,g,h,a,b)
1146 ROUND(63,b,c,d,e,f,g,h,a)
1147
1148 ROUND(64,a,b,c,d,e,f,g,h)
1149 ROUND(65,h,a,b,c,d,e,f,g)
1150 ROUND(66,g,h,a,b,c,d,e,f)
1151 ROUND(67,f,g,h,a,b,c,d,e)
1152 ROUND(68,e,f,g,h,a,b,c,d)
1153 ROUND(69,d,e,f,g,h,a,b,c)
1154 ROUND(70,c,d,e,f,g,h,a,b)
1155 ROUND(71,b,c,d,e,f,g,h,a)
1156
1157 ROUND(72,a,b,c,d,e,f,g,h)
1158 ROUND(73,h,a,b,c,d,e,f,g)
1159 ROUND(74,g,h,a,b,c,d,e,f)
1160 ROUND(75,f,g,h,a,b,c,d,e)
1161 ROUND(76,e,f,g,h,a,b,c,d)
1162 ROUND(77,d,e,f,g,h,a,b,c)
1163 ROUND(78,c,d,e,f,g,h,a,b)
1164 ROUND(79,b,c,d,e,f,g,h,a)
1165 #endif
1166
1167 ADDTO(a,H[0]);
1168 ADDTO(b,H[1]);
1169 ADDTO(c,H[2]);
1170 ADDTO(d,H[3]);
1171 ADDTO(e,H[4]);
1172 ADDTO(f,H[5]);
1173 ADDTO(g,H[6]);
1174 ADDTO(h,H[7]);
1175 }
1176 }
1177
1178 void
1179 SHA512_Update(SHA512Context *ctx, const unsigned char *input,
1180 unsigned int inputLen)
1181 {
1182 unsigned int inBuf;
1183 if (!inputLen)
1184 return;
1185
1186 #if defined(HAVE_LONG_LONG)
1187 inBuf = (unsigned int)ctx->sizeLo & 0x7f;
1188 /* Add inputLen into the count of bytes processed, before processing */
1189 ctx->sizeLo += inputLen;
1190 #else
1191 inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
1192 ctx->sizeLo.lo += inputLen;
1193 if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++;
1194 #endif
1195
1196 /* if data already in buffer, attemp to fill rest of buffer */
1197 if (inBuf) {
1198 unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;
1199 if (inputLen < todo)
1200 todo = inputLen;
1201 memcpy(B + inBuf, input, todo);
1202 input += todo;
1203 inputLen -= todo;
1204 if (inBuf + todo == SHA512_BLOCK_LENGTH)
1205 SHA512_Compress(ctx);
1206 }
1207
1208 /* if enough data to fill one or more whole buffers, process them. */
1209 while (inputLen >= SHA512_BLOCK_LENGTH) {
1210 memcpy(B, input, SHA512_BLOCK_LENGTH);
1211 input += SHA512_BLOCK_LENGTH;
1212 inputLen -= SHA512_BLOCK_LENGTH;
1213 SHA512_Compress(ctx);
1214 }
1215 /* if data left over, fill it into buffer */
1216 if (inputLen)
1217 memcpy(B, input, inputLen);
1218 }
1219
1220 void
1221 SHA512_End(SHA512Context *ctx, unsigned char *digest,
1222 unsigned int *digestLen, unsigned int maxDigestLen)
1223 {
1224 #if defined(HAVE_LONG_LONG)
1225 unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
1226 PRUint64 t1;
1227 #else
1228 unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
1229 PRUint32 t1;
1230 #endif
1231 unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
1232 PRUint64 lo;
1233 LL_SHL(lo, ctx->sizeLo, 3);
1234
1235 SHA512_Update(ctx, pad, padLen);
1236
1237 #if defined(HAVE_LONG_LONG)
1238 W[14] = 0;
1239 #else
1240 W[14].lo = 0;
1241 W[14].hi = 0;
1242 #endif
1243
1244 W[15] = lo;
1245 #if defined(IS_LITTLE_ENDIAN)
1246 BYTESWAP8(W[15]);
1247 #endif
1248 SHA512_Compress(ctx);
1249
1250 /* now output the answer */
1251 #if defined(IS_LITTLE_ENDIAN)
1252 BYTESWAP8(H[0]);
1253 BYTESWAP8(H[1]);
1254 BYTESWAP8(H[2]);
1255 BYTESWAP8(H[3]);
1256 BYTESWAP8(H[4]);
1257 BYTESWAP8(H[5]);
1258 BYTESWAP8(H[6]);
1259 BYTESWAP8(H[7]);
1260 #endif
1261 padLen = PR_MIN(SHA512_LENGTH, maxDigestLen);
1262 memcpy(digest, H, padLen);
1263 if (digestLen)
1264 *digestLen = padLen;
1265 }
1266
1267 void
1268 SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest,
1269 unsigned int *digestLen, unsigned int maxDigestLen)
1270 {
1271 #if defined(HAVE_LONG_LONG)
1272 PRUint64 t1;
1273 #else
1274 PRUint32 t1;
1275 #endif
1276 PRUint64 h[8];
1277 unsigned int len;
1278
1279 memcpy(h, ctx->h, sizeof(h));
1280
1281 #if defined(IS_LITTLE_ENDIAN)
1282 BYTESWAP8(h[0]);
1283 BYTESWAP8(h[1]);
1284 BYTESWAP8(h[2]);
1285 BYTESWAP8(h[3]);
1286 BYTESWAP8(h[4]);
1287 BYTESWAP8(h[5]);
1288 BYTESWAP8(h[6]);
1289 BYTESWAP8(h[7]);
1290 #endif
1291 len = PR_MIN(SHA512_LENGTH, maxDigestLen);
1292 memcpy(digest, h, len);
1293 if (digestLen)
1294 *digestLen = len;
1295 }
1296
1297 SECStatus
1298 SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
1299 PRUint32 src_length)
1300 {
1301 SHA512Context ctx;
1302 unsigned int outLen;
1303
1304 SHA512_Begin(&ctx);
1305 SHA512_Update(&ctx, src, src_length);
1306 SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH);
1307 memset(&ctx, 0, sizeof ctx);
1308
1309 return SECSuccess;
1310 }
1311
1312
1313 SECStatus
1314 SHA512_Hash(unsigned char *dest, const char *src)
1315 {
1316 return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
1317 }
1318
1319
1320 void SHA512_TraceState(SHA512Context *ctx) { }
1321
1322 unsigned int
1323 SHA512_FlattenSize(SHA512Context *ctx)
1324 {
1325 return sizeof *ctx;
1326 }
1327
1328 SECStatus
1329 SHA512_Flatten(SHA512Context *ctx,unsigned char *space)
1330 {
1331 PORT_Memcpy(space, ctx, sizeof *ctx);
1332 return SECSuccess;
1333 }
1334
1335 SHA512Context *
1336 SHA512_Resurrect(unsigned char *space, void *arg)
1337 {
1338 SHA512Context *ctx = SHA512_NewContext();
1339 if (ctx)
1340 PORT_Memcpy(ctx, space, sizeof *ctx);
1341 return ctx;
1342 }
1343
1344 void SHA512_Clone(SHA512Context *dest, SHA512Context *src)
1345 {
1346 memcpy(dest, src, sizeof *dest);
1347 }
1348
1349 /* ======================================================================= */
1350 /* SHA384 uses a SHA512Context as the real context.
1351 ** The only differences between SHA384 an SHA512 are:
1352 ** a) the intialization values for the context, and
1353 ** b) the number of bytes of data produced as output.
1354 */
1355
1356 /* SHA-384 initial hash values */
1357 static const PRUint64 H384[8] = {
1358 #if PR_BYTES_PER_LONG == 8
1359 0xcbbb9d5dc1059ed8UL , 0x629a292a367cd507UL ,
1360 0x9159015a3070dd17UL , 0x152fecd8f70e5939UL ,
1361 0x67332667ffc00b31UL , 0x8eb44a8768581511UL ,
1362 0xdb0c2e0d64f98fa7UL , 0x47b5481dbefa4fa4UL
1363 #else
1364 ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507),
1365 ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939),
1366 ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511),
1367 ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4)
1368 #endif
1369 };
1370
1371 SHA384Context *
1372 SHA384_NewContext(void)
1373 {
1374 return SHA512_NewContext();
1375 }
1376
1377 void
1378 SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit)
1379 {
1380 SHA512_DestroyContext(ctx, freeit);
1381 }
1382
1383 void
1384 SHA384_Begin(SHA384Context *ctx)
1385 {
1386 memset(ctx, 0, sizeof *ctx);
1387 memcpy(H, H384, sizeof H384);
1388 }
1389
1390 void
1391 SHA384_Update(SHA384Context *ctx, const unsigned char *input,
1392 unsigned int inputLen)
1393 {
1394 SHA512_Update(ctx, input, inputLen);
1395 }
1396
1397 void
1398 SHA384_End(SHA384Context *ctx, unsigned char *digest,
1399 unsigned int *digestLen, unsigned int maxDigestLen)
1400 {
1401 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
1402 SHA512_End(ctx, digest, digestLen, maxLen);
1403 }
1404
1405 void
1406 SHA384_EndRaw(SHA384Context *ctx, unsigned char *digest,
1407 unsigned int *digestLen, unsigned int maxDigestLen)
1408 {
1409 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
1410 SHA512_EndRaw(ctx, digest, digestLen, maxLen);
1411 }
1412
1413 SECStatus
1414 SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
1415 PRUint32 src_length)
1416 {
1417 SHA512Context ctx;
1418 unsigned int outLen;
1419
1420 SHA384_Begin(&ctx);
1421 SHA512_Update(&ctx, src, src_length);
1422 SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);
1423 memset(&ctx, 0, sizeof ctx);
1424
1425 return SECSuccess;
1426 }
1427
1428 SECStatus
1429 SHA384_Hash(unsigned char *dest, const char *src)
1430 {
1431 return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
1432 }
1433
1434 void SHA384_TraceState(SHA384Context *ctx) { }
1435
1436 unsigned int
1437 SHA384_FlattenSize(SHA384Context *ctx)
1438 {
1439 return sizeof(SHA384Context);
1440 }
1441
1442 SECStatus
1443 SHA384_Flatten(SHA384Context *ctx,unsigned char *space)
1444 {
1445 return SHA512_Flatten(ctx, space);
1446 }
1447
1448 SHA384Context *
1449 SHA384_Resurrect(unsigned char *space, void *arg)
1450 {
1451 return SHA512_Resurrect(space, arg);
1452 }
1453
1454 void SHA384_Clone(SHA384Context *dest, SHA384Context *src)
1455 {
1456 memcpy(dest, src, sizeof *dest);
1457 }
1458
1459 /* ======================================================================= */
1460 #ifdef SELFTEST
1461 #include <stdio.h>
1462
1463 static const char abc[] = { "abc" };
1464 static const char abcdbc[] = {
1465 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
1466 };
1467 static const char abcdef[] = {
1468 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
1469 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
1470 };
1471
1472 void
1473 dumpHash32(const unsigned char *buf, unsigned int bufLen)
1474 {
1475 unsigned int i;
1476 for (i = 0; i < bufLen; i += 4) {
1477 printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]);
1478 }
1479 printf("\n");
1480 }
1481
1482 void test256(void)
1483 {
1484 unsigned char outBuf[SHA256_LENGTH];
1485
1486 printf("SHA256, input = %s\n", abc);
1487 SHA256_Hash(outBuf, abc);
1488 dumpHash32(outBuf, sizeof outBuf);
1489
1490 printf("SHA256, input = %s\n", abcdbc);
1491 SHA256_Hash(outBuf, abcdbc);
1492 dumpHash32(outBuf, sizeof outBuf);
1493 }
1494
1495 void test224(void)
1496 {
1497 SHA224Context ctx;
1498 unsigned char a1000times[1000];
1499 unsigned int outLen;
1500 unsigned char outBuf[SHA224_LENGTH];
1501 int i;
1502
1503 /* Test Vector 1 */
1504 printf("SHA224, input = %s\n", abc);
1505 SHA224_Hash(outBuf, abc);
1506 dumpHash32(outBuf, sizeof outBuf);
1507
1508 /* Test Vector 2 */
1509 printf("SHA224, input = %s\n", abcdbc);
1510 SHA224_Hash(outBuf, abcdbc);
1511 dumpHash32(outBuf, sizeof outBuf);
1512
1513 /* Test Vector 3 */
1514
1515 /* to hash one million 'a's perform 1000
1516 * sha224 updates on a buffer with 1000 'a's
1517 */
1518 memset(a1000times, 'a', 1000);
1519 printf("SHA224, input = %s\n", "a one million times");
1520 SHA224_Begin(&ctx);
1521 for (i = 0; i < 1000; i++)
1522 SHA224_Update(&ctx, a1000times, 1000);
1523 SHA224_End(&ctx, outBuf, &outLen, SHA224_LENGTH);
1524 dumpHash32(outBuf, sizeof outBuf);
1525 }
1526
1527 void
1528 dumpHash64(const unsigned char *buf, unsigned int bufLen)
1529 {
1530 unsigned int i;
1531 for (i = 0; i < bufLen; i += 8) {
1532 if (i % 32 == 0)
1533 printf("\n");
1534 printf(" %02x%02x%02x%02x%02x%02x%02x%02x",
1535 buf[i ], buf[i+1], buf[i+2], buf[i+3],
1536 buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
1537 }
1538 printf("\n");
1539 }
1540
1541 void test512(void)
1542 {
1543 unsigned char outBuf[SHA512_LENGTH];
1544
1545 printf("SHA512, input = %s\n", abc);
1546 SHA512_Hash(outBuf, abc);
1547 dumpHash64(outBuf, sizeof outBuf);
1548
1549 printf("SHA512, input = %s\n", abcdef);
1550 SHA512_Hash(outBuf, abcdef);
1551 dumpHash64(outBuf, sizeof outBuf);
1552 }
1553
1554 void time512(void)
1555 {
1556 unsigned char outBuf[SHA512_LENGTH];
1557
1558 SHA512_Hash(outBuf, abc);
1559 SHA512_Hash(outBuf, abcdef);
1560 }
1561
1562 void test384(void)
1563 {
1564 unsigned char outBuf[SHA384_LENGTH];
1565
1566 printf("SHA384, input = %s\n", abc);
1567 SHA384_Hash(outBuf, abc);
1568 dumpHash64(outBuf, sizeof outBuf);
1569
1570 printf("SHA384, input = %s\n", abcdef);
1571 SHA384_Hash(outBuf, abcdef);
1572 dumpHash64(outBuf, sizeof outBuf);
1573 }
1574
1575 int main (int argc, char *argv[], char *envp[])
1576 {
1577 int i = 1;
1578 if (argc > 1) {
1579 i = atoi(argv[1]);
1580 }
1581 if (i < 2) {
1582 test224();
1583 test256();
1584 test384();
1585 test512();
1586 } else {
1587 while (i-- > 0) {
1588 time512();
1589 }
1590 printf("done\n");
1591 }
1592 return 0;
1593 }
1594
1595 void *PORT_Alloc(size_t len) { return malloc(len); }
1596 void PORT_Free(void *ptr) { free(ptr); }
1597 void PORT_ZFree(void *ptr, size_t len) { memset(ptr, 0, len); free(ptr); }
1598 #endif
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)