diff options
author | David Walter Seikel | 2016-03-28 22:28:34 +1000 |
---|---|---|
committer | David Walter Seikel | 2016-03-28 22:28:34 +1000 |
commit | 7028cbe09c688437910a25623098762bf0fa592d (patch) | |
tree | 10b5af58277d9880380c2251f109325542c4e6eb /src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp | |
parent | Move lemon to the src/others directory. (diff) | |
download | SledjHamr-7028cbe09c688437910a25623098762bf0fa592d.zip SledjHamr-7028cbe09c688437910a25623098762bf0fa592d.tar.gz SledjHamr-7028cbe09c688437910a25623098762bf0fa592d.tar.bz2 SledjHamr-7028cbe09c688437910a25623098762bf0fa592d.tar.xz |
Move Irrlicht to src/others.
Diffstat (limited to 'src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp')
-rw-r--r-- | src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp | 626 |
1 files changed, 626 insertions, 0 deletions
diff --git a/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp new file mode 100644 index 0000000..5be1bbf --- /dev/null +++ b/src/others/irrlicht-1.8.1/source/Irrlicht/aesGladman/sha2.cpp | |||
@@ -0,0 +1,626 @@ | |||
1 | /* | ||
2 | --------------------------------------------------------------------------- | ||
3 | Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK. | ||
4 | All rights reserved. | ||
5 | |||
6 | LICENSE TERMS | ||
7 | |||
8 | The free distribution and use of this software in both source and binary | ||
9 | form is allowed (with or without changes) provided that: | ||
10 | |||
11 | 1. distributions of this source code include the above copyright | ||
12 | notice, this list of conditions and the following disclaimer; | ||
13 | |||
14 | 2. distributions in binary form include the above copyright | ||
15 | notice, this list of conditions and the following disclaimer | ||
16 | in the documentation and/or other associated materials; | ||
17 | |||
18 | 3. the copyright holder's name is not used to endorse products | ||
19 | built using this software without specific written permission. | ||
20 | |||
21 | ALTERNATIVELY, provided that this notice is retained in full, this product | ||
22 | may be distributed under the terms of the GNU General Public License (GPL), | ||
23 | in which case the provisions of the GPL apply INSTEAD OF those given above. | ||
24 | |||
25 | DISCLAIMER | ||
26 | |||
27 | This software is provided 'as is' with no explicit or implied warranties | ||
28 | in respect of its properties, including, but not limited to, correctness | ||
29 | and/or fitness for purpose. | ||
30 | --------------------------------------------------------------------------- | ||
31 | Issue Date: 26/08/2003 | ||
32 | |||
33 | This is a byte oriented version of SHA2 that operates on arrays of bytes | ||
34 | stored in memory. This code implements sha256, sha384 and sha512 but the | ||
35 | latter two functions rely on efficient 64-bit integer operations that | ||
36 | may not be very efficient on 32-bit machines | ||
37 | |||
38 | The sha256 functions use a type 'sha256_ctx' to hold details of the | ||
39 | current hash state and uses the following three calls: | ||
40 | |||
41 | void sha256_begin(sha256_ctx ctx[1]) | ||
42 | void sha256_hash(const unsigned char data[], | ||
43 | unsigned long len, sha256_ctx ctx[1]) | ||
44 | void sha256_end(unsigned char hval[], sha256_ctx ctx[1]) | ||
45 | |||
46 | The first subroutine initialises a hash computation by setting up the | ||
47 | context in the sha256_ctx context. The second subroutine hashes 8-bit | ||
48 | bytes from array data[] into the hash state withinh sha256_ctx context, | ||
49 | the number of bytes to be hashed being given by the the unsigned long | ||
50 | integer len. The third subroutine completes the hash calculation and | ||
51 | places the resulting digest value in the array of 8-bit bytes hval[]. | ||
52 | |||
53 | The sha384 and sha512 functions are similar and use the interfaces: | ||
54 | |||
55 | void sha384_begin(sha384_ctx ctx[1]); | ||
56 | void sha384_hash(const unsigned char data[], | ||
57 | unsigned long len, sha384_ctx ctx[1]); | ||
58 | void sha384_end(unsigned char hval[], sha384_ctx ctx[1]); | ||
59 | |||
60 | void sha512_begin(sha512_ctx ctx[1]); | ||
61 | void sha512_hash(const unsigned char data[], | ||
62 | unsigned long len, sha512_ctx ctx[1]); | ||
63 | void sha512_end(unsigned char hval[], sha512_ctx ctx[1]); | ||
64 | |||
65 | In addition there is a function sha2 that can be used to call all these | ||
66 | functions using a call with a hash length parameter as follows: | ||
67 | |||
68 | int sha2_begin(unsigned long len, sha2_ctx ctx[1]); | ||
69 | void sha2_hash(const unsigned char data[], | ||
70 | unsigned long len, sha2_ctx ctx[1]); | ||
71 | void sha2_end(unsigned char hval[], sha2_ctx ctx[1]); | ||
72 | |||
73 | My thanks to Erik Andersen <andersen@codepoet.org> for testing this code | ||
74 | on big-endian systems and for his assistance with corrections | ||
75 | */ | ||
76 | |||
77 | /* define the hash functions that you need */ | ||
78 | |||
79 | #define SHA_2 /* for dynamic hash length */ | ||
80 | #define SHA_256 | ||
81 | #define SHA_384 | ||
82 | #define SHA_512 | ||
83 | |||
84 | #include <string.h> /* for memcpy() etc. */ | ||
85 | #include <stdlib.h> /* for _lrotr with VC++ */ | ||
86 | |||
87 | #include "sha2.h" | ||
88 | #include "../os.h" | ||
89 | |||
90 | /* BYTE ORDER IN 32-BIT WORDS | ||
91 | |||
92 | To obtain the highest speed on processors with 32-bit words, this code | ||
93 | needs to determine the byte order of the target machine. The following | ||
94 | block of code is an attempt to capture the most obvious ways in which | ||
95 | various environemnts define byte order. It may well fail, in which case | ||
96 | the definitions will need to be set by editing at the points marked | ||
97 | **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for | ||
98 | some of these defines (from cryptlib). | ||
99 | */ | ||
100 | |||
101 | #define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */ | ||
102 | #define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */ | ||
103 | |||
104 | #ifdef __BIG_ENDIAN__ | ||
105 | #define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN | ||
106 | #else | ||
107 | #define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN | ||
108 | #endif | ||
109 | |||
110 | #ifdef _MSC_VER | ||
111 | #pragma intrinsic(memcpy) | ||
112 | #endif | ||
113 | |||
114 | #define rotr32(x,n) (((x) >> n) | ((x) << (32 - n))) | ||
115 | |||
116 | #if !defined(bswap_32) | ||
117 | #define bswap_32(x) irr::os::Byteswap::byteswap(x) | ||
118 | #endif | ||
119 | |||
120 | #if (PLATFORM_BYTE_ORDER == BRG_LITTLE_ENDIAN) | ||
121 | #define SWAP_BYTES | ||
122 | #else | ||
123 | #undef SWAP_BYTES | ||
124 | #endif | ||
125 | |||
126 | #if defined(SHA_2) || defined(SHA_256) | ||
127 | |||
128 | #define SHA256_MASK (SHA256_BLOCK_SIZE - 1) | ||
129 | |||
130 | #if defined(SWAP_BYTES) | ||
131 | #define bsw_32(p,n) { int _i = (n); while(_i--) p[_i] = bswap_32(p[_i]); } | ||
132 | #else | ||
133 | #define bsw_32(p,n) | ||
134 | #endif | ||
135 | |||
136 | /* SHA256 mixing function definitions */ | ||
137 | |||
138 | #if 0 | ||
139 | |||
140 | #define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z))) | ||
141 | #define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) | ||
142 | |||
143 | #else /* Thanks to Rich Schroeppel and Colin Plumb for the following */ | ||
144 | |||
145 | #define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) | ||
146 | #define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) | ||
147 | |||
148 | #endif | ||
149 | |||
150 | #define s256_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22)) | ||
151 | #define s256_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25)) | ||
152 | #define g256_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3)) | ||
153 | #define g256_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10)) | ||
154 | |||
155 | /* rotated SHA256 round definition. Rather than swapping variables as in */ | ||
156 | /* FIPS-180, different variables are 'rotated' on each round, returning */ | ||
157 | /* to their starting positions every eight rounds */ | ||
158 | |||
159 | #define h2(i) p[i & 15] += \ | ||
160 | g256_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g256_0(p[(i + 1) & 15]) | ||
161 | |||
162 | #define h2_cycle(i,j) \ | ||
163 | v[(7 - i) & 7] += (j ? h2(i) : p[i & 15]) + k256[i + j] \ | ||
164 | + s256_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \ | ||
165 | v[(3 - i) & 7] += v[(7 - i) & 7]; \ | ||
166 | v[(7 - i) & 7] += s256_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7]) | ||
167 | |||
168 | /* SHA256 mixing data */ | ||
169 | |||
170 | const sha2_32t k256[64] = | ||
171 | { n_u32(428a2f98), n_u32(71374491), n_u32(b5c0fbcf), n_u32(e9b5dba5), | ||
172 | n_u32(3956c25b), n_u32(59f111f1), n_u32(923f82a4), n_u32(ab1c5ed5), | ||
173 | n_u32(d807aa98), n_u32(12835b01), n_u32(243185be), n_u32(550c7dc3), | ||
174 | n_u32(72be5d74), n_u32(80deb1fe), n_u32(9bdc06a7), n_u32(c19bf174), | ||
175 | n_u32(e49b69c1), n_u32(efbe4786), n_u32(0fc19dc6), n_u32(240ca1cc), | ||
176 | n_u32(2de92c6f), n_u32(4a7484aa), n_u32(5cb0a9dc), n_u32(76f988da), | ||
177 | n_u32(983e5152), n_u32(a831c66d), n_u32(b00327c8), n_u32(bf597fc7), | ||
178 | n_u32(c6e00bf3), n_u32(d5a79147), n_u32(06ca6351), n_u32(14292967), | ||
179 | n_u32(27b70a85), n_u32(2e1b2138), n_u32(4d2c6dfc), n_u32(53380d13), | ||
180 | n_u32(650a7354), n_u32(766a0abb), n_u32(81c2c92e), n_u32(92722c85), | ||
181 | n_u32(a2bfe8a1), n_u32(a81a664b), n_u32(c24b8b70), n_u32(c76c51a3), | ||
182 | n_u32(d192e819), n_u32(d6990624), n_u32(f40e3585), n_u32(106aa070), | ||
183 | n_u32(19a4c116), n_u32(1e376c08), n_u32(2748774c), n_u32(34b0bcb5), | ||
184 | n_u32(391c0cb3), n_u32(4ed8aa4a), n_u32(5b9cca4f), n_u32(682e6ff3), | ||
185 | n_u32(748f82ee), n_u32(78a5636f), n_u32(84c87814), n_u32(8cc70208), | ||
186 | n_u32(90befffa), n_u32(a4506ceb), n_u32(bef9a3f7), n_u32(c67178f2), | ||
187 | }; | ||
188 | |||
189 | /* SHA256 initialisation data */ | ||
190 | |||
191 | const sha2_32t i256[8] = | ||
192 | { | ||
193 | n_u32(6a09e667), n_u32(bb67ae85), n_u32(3c6ef372), n_u32(a54ff53a), | ||
194 | n_u32(510e527f), n_u32(9b05688c), n_u32(1f83d9ab), n_u32(5be0cd19) | ||
195 | }; | ||
196 | |||
197 | sha2_void sha256_begin(sha256_ctx ctx[1]) | ||
198 | { | ||
199 | ctx->count[0] = ctx->count[1] = 0; | ||
200 | memcpy(ctx->hash, i256, 8 * sizeof(sha2_32t)); | ||
201 | } | ||
202 | |||
203 | /* Compile 64 bytes of hash data into SHA256 digest value */ | ||
204 | /* NOTE: this routine assumes that the byte order in the */ | ||
205 | /* ctx->wbuf[] at this point is in such an order that low */ | ||
206 | /* address bytes in the ORIGINAL byte stream placed in this */ | ||
207 | /* buffer will now go to the high end of words on BOTH big */ | ||
208 | /* and little endian systems */ | ||
209 | |||
210 | sha2_void sha256_compile(sha256_ctx ctx[1]) | ||
211 | { sha2_32t v[8], j, *p = ctx->wbuf; | ||
212 | |||
213 | memcpy(v, ctx->hash, 8 * sizeof(sha2_32t)); | ||
214 | |||
215 | for(j = 0; j < 64; j += 16) | ||
216 | { | ||
217 | h2_cycle( 0, j); h2_cycle( 1, j); h2_cycle( 2, j); h2_cycle( 3, j); | ||
218 | h2_cycle( 4, j); h2_cycle( 5, j); h2_cycle( 6, j); h2_cycle( 7, j); | ||
219 | h2_cycle( 8, j); h2_cycle( 9, j); h2_cycle(10, j); h2_cycle(11, j); | ||
220 | h2_cycle(12, j); h2_cycle(13, j); h2_cycle(14, j); h2_cycle(15, j); | ||
221 | } | ||
222 | |||
223 | ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3]; | ||
224 | ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7]; | ||
225 | } | ||
226 | |||
227 | /* SHA256 hash data in an array of bytes into hash buffer */ | ||
228 | /* and call the hash_compile function as required. */ | ||
229 | |||
230 | sha2_void sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]) | ||
231 | { sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA256_MASK), | ||
232 | space = SHA256_BLOCK_SIZE - pos; | ||
233 | const unsigned char *sp = data; | ||
234 | |||
235 | if((ctx->count[0] += len) < len) | ||
236 | ++(ctx->count[1]); | ||
237 | |||
238 | while(len >= space) /* tranfer whole blocks while possible */ | ||
239 | { | ||
240 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space); | ||
241 | sp += space; len -= space; space = SHA256_BLOCK_SIZE; pos = 0; | ||
242 | bsw_32(ctx->wbuf, SHA256_BLOCK_SIZE >> 2) | ||
243 | sha256_compile(ctx); | ||
244 | } | ||
245 | |||
246 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len); | ||
247 | } | ||
248 | |||
249 | /* SHA256 Final padding and digest calculation */ | ||
250 | |||
251 | static sha2_32t m1[4] = | ||
252 | { | ||
253 | n_u32(00000000), n_u32(ff000000), n_u32(ffff0000), n_u32(ffffff00) | ||
254 | }; | ||
255 | |||
256 | static sha2_32t b1[4] = | ||
257 | { | ||
258 | n_u32(80000000), n_u32(00800000), n_u32(00008000), n_u32(00000080) | ||
259 | }; | ||
260 | |||
261 | sha2_void sha256_end(unsigned char hval[], sha256_ctx ctx[1]) | ||
262 | { sha2_32t i = (sha2_32t)(ctx->count[0] & SHA256_MASK); | ||
263 | |||
264 | bsw_32(ctx->wbuf, (i + 3) >> 2) | ||
265 | /* bytes in the buffer are now in an order in which references */ | ||
266 | /* to 32-bit words will put bytes with lower addresses into the */ | ||
267 | /* top of 32 bit words on BOTH big and little endian machines */ | ||
268 | |||
269 | /* we now need to mask valid bytes and add the padding which is */ | ||
270 | /* a single 1 bit and as many zero bits as necessary. */ | ||
271 | ctx->wbuf[i >> 2] = (ctx->wbuf[i >> 2] & m1[i & 3]) | b1[i & 3]; | ||
272 | |||
273 | /* we need 9 or more empty positions, one for the padding byte */ | ||
274 | /* (above) and eight for the length count. If there is not */ | ||
275 | /* enough space pad and empty the buffer */ | ||
276 | if(i > SHA256_BLOCK_SIZE - 9) | ||
277 | { | ||
278 | if(i < 60) ctx->wbuf[15] = 0; | ||
279 | sha256_compile(ctx); | ||
280 | i = 0; | ||
281 | } | ||
282 | else /* compute a word index for the empty buffer positions */ | ||
283 | i = (i >> 2) + 1; | ||
284 | |||
285 | while(i < 14) /* and zero pad all but last two positions */ | ||
286 | ctx->wbuf[i++] = 0; | ||
287 | |||
288 | /* the following 32-bit length fields are assembled in the */ | ||
289 | /* wrong byte order on little endian machines but this is */ | ||
290 | /* corrected later since they are only ever used as 32-bit */ | ||
291 | /* word values. */ | ||
292 | |||
293 | ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29); | ||
294 | ctx->wbuf[15] = ctx->count[0] << 3; | ||
295 | |||
296 | sha256_compile(ctx); | ||
297 | |||
298 | /* extract the hash value as bytes in case the hash buffer is */ | ||
299 | /* mislaigned for 32-bit words */ | ||
300 | for(i = 0; i < SHA256_DIGEST_SIZE; ++i) | ||
301 | hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3))); | ||
302 | } | ||
303 | |||
304 | sha2_void sha256(unsigned char hval[], const unsigned char data[], unsigned long len) | ||
305 | { sha256_ctx cx[1]; | ||
306 | |||
307 | sha256_begin(cx); sha256_hash(data, len, cx); sha256_end(hval, cx); | ||
308 | } | ||
309 | |||
310 | #endif | ||
311 | |||
312 | #if defined(SHA_2) || defined(SHA_384) || defined(SHA_512) | ||
313 | |||
314 | #define SHA512_MASK (SHA512_BLOCK_SIZE - 1) | ||
315 | |||
316 | #define rotr64(x,n) (((x) >> n) | ((x) << (64 - n))) | ||
317 | |||
318 | #if !defined(bswap_64) | ||
319 | #define bswap_64(x) ((((sha2_64t)(bswap_32((sha2_32t)(x)))) << 32) | (bswap_32((sha2_32t)((x) >> 32)))) | ||
320 | #endif | ||
321 | |||
322 | #if defined(SWAP_BYTES) | ||
323 | #define bsw_64(p,n) { int _i = (n); while(_i--) p[_i] = bswap_64(p[_i]); } | ||
324 | #else | ||
325 | #define bsw_64(p,n) | ||
326 | #endif | ||
327 | |||
328 | /* SHA512 mixing function definitions */ | ||
329 | |||
330 | #define s512_0(x) (rotr64((x), 28) ^ rotr64((x), 34) ^ rotr64((x), 39)) | ||
331 | #define s512_1(x) (rotr64((x), 14) ^ rotr64((x), 18) ^ rotr64((x), 41)) | ||
332 | #define g512_0(x) (rotr64((x), 1) ^ rotr64((x), 8) ^ ((x) >> 7)) | ||
333 | #define g512_1(x) (rotr64((x), 19) ^ rotr64((x), 61) ^ ((x) >> 6)) | ||
334 | |||
335 | /* rotated SHA512 round definition. Rather than swapping variables as in */ | ||
336 | /* FIPS-180, different variables are 'rotated' on each round, returning */ | ||
337 | /* to their starting positions every eight rounds */ | ||
338 | |||
339 | #define h5(i) ctx->wbuf[i & 15] += \ | ||
340 | g512_1(ctx->wbuf[(i + 14) & 15]) + ctx->wbuf[(i + 9) & 15] + g512_0(ctx->wbuf[(i + 1) & 15]) | ||
341 | |||
342 | #define h5_cycle(i,j) \ | ||
343 | v[(7 - i) & 7] += (j ? h5(i) : ctx->wbuf[i & 15]) + k512[i + j] \ | ||
344 | + s512_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \ | ||
345 | v[(3 - i) & 7] += v[(7 - i) & 7]; \ | ||
346 | v[(7 - i) & 7] += s512_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7]) | ||
347 | |||
348 | /* SHA384/SHA512 mixing data */ | ||
349 | |||
350 | const sha2_64t k512[80] = | ||
351 | { | ||
352 | n_u64(428a2f98d728ae22), n_u64(7137449123ef65cd), | ||
353 | n_u64(b5c0fbcfec4d3b2f), n_u64(e9b5dba58189dbbc), | ||
354 | n_u64(3956c25bf348b538), n_u64(59f111f1b605d019), | ||
355 | n_u64(923f82a4af194f9b), n_u64(ab1c5ed5da6d8118), | ||
356 | n_u64(d807aa98a3030242), n_u64(12835b0145706fbe), | ||
357 | n_u64(243185be4ee4b28c), n_u64(550c7dc3d5ffb4e2), | ||
358 | n_u64(72be5d74f27b896f), n_u64(80deb1fe3b1696b1), | ||
359 | n_u64(9bdc06a725c71235), n_u64(c19bf174cf692694), | ||
360 | n_u64(e49b69c19ef14ad2), n_u64(efbe4786384f25e3), | ||
361 | n_u64(0fc19dc68b8cd5b5), n_u64(240ca1cc77ac9c65), | ||
362 | n_u64(2de92c6f592b0275), n_u64(4a7484aa6ea6e483), | ||
363 | n_u64(5cb0a9dcbd41fbd4), n_u64(76f988da831153b5), | ||
364 | n_u64(983e5152ee66dfab), n_u64(a831c66d2db43210), | ||
365 | n_u64(b00327c898fb213f), n_u64(bf597fc7beef0ee4), | ||
366 | n_u64(c6e00bf33da88fc2), n_u64(d5a79147930aa725), | ||
367 | n_u64(06ca6351e003826f), n_u64(142929670a0e6e70), | ||
368 | n_u64(27b70a8546d22ffc), n_u64(2e1b21385c26c926), | ||
369 | n_u64(4d2c6dfc5ac42aed), n_u64(53380d139d95b3df), | ||
370 | n_u64(650a73548baf63de), n_u64(766a0abb3c77b2a8), | ||
371 | n_u64(81c2c92e47edaee6), n_u64(92722c851482353b), | ||
372 | n_u64(a2bfe8a14cf10364), n_u64(a81a664bbc423001), | ||
373 | n_u64(c24b8b70d0f89791), n_u64(c76c51a30654be30), | ||
374 | n_u64(d192e819d6ef5218), n_u64(d69906245565a910), | ||
375 | n_u64(f40e35855771202a), n_u64(106aa07032bbd1b8), | ||
376 | n_u64(19a4c116b8d2d0c8), n_u64(1e376c085141ab53), | ||
377 | n_u64(2748774cdf8eeb99), n_u64(34b0bcb5e19b48a8), | ||
378 | n_u64(391c0cb3c5c95a63), n_u64(4ed8aa4ae3418acb), | ||
379 | n_u64(5b9cca4f7763e373), n_u64(682e6ff3d6b2b8a3), | ||
380 | n_u64(748f82ee5defb2fc), n_u64(78a5636f43172f60), | ||
381 | n_u64(84c87814a1f0ab72), n_u64(8cc702081a6439ec), | ||
382 | n_u64(90befffa23631e28), n_u64(a4506cebde82bde9), | ||
383 | n_u64(bef9a3f7b2c67915), n_u64(c67178f2e372532b), | ||
384 | n_u64(ca273eceea26619c), n_u64(d186b8c721c0c207), | ||
385 | n_u64(eada7dd6cde0eb1e), n_u64(f57d4f7fee6ed178), | ||
386 | n_u64(06f067aa72176fba), n_u64(0a637dc5a2c898a6), | ||
387 | n_u64(113f9804bef90dae), n_u64(1b710b35131c471b), | ||
388 | n_u64(28db77f523047d84), n_u64(32caab7b40c72493), | ||
389 | n_u64(3c9ebe0a15c9bebc), n_u64(431d67c49c100d4c), | ||
390 | n_u64(4cc5d4becb3e42b6), n_u64(597f299cfc657e2a), | ||
391 | n_u64(5fcb6fab3ad6faec), n_u64(6c44198c4a475817) | ||
392 | }; | ||
393 | |||
394 | /* Compile 64 bytes of hash data into SHA384/SHA512 digest value */ | ||
395 | |||
396 | sha2_void sha512_compile(sha512_ctx ctx[1]) | ||
397 | { sha2_64t v[8]; | ||
398 | sha2_32t j; | ||
399 | |||
400 | memcpy(v, ctx->hash, 8 * sizeof(sha2_64t)); | ||
401 | |||
402 | for(j = 0; j < 80; j += 16) | ||
403 | { | ||
404 | h5_cycle( 0, j); h5_cycle( 1, j); h5_cycle( 2, j); h5_cycle( 3, j); | ||
405 | h5_cycle( 4, j); h5_cycle( 5, j); h5_cycle( 6, j); h5_cycle( 7, j); | ||
406 | h5_cycle( 8, j); h5_cycle( 9, j); h5_cycle(10, j); h5_cycle(11, j); | ||
407 | h5_cycle(12, j); h5_cycle(13, j); h5_cycle(14, j); h5_cycle(15, j); | ||
408 | } | ||
409 | |||
410 | ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3]; | ||
411 | ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7]; | ||
412 | } | ||
413 | |||
414 | /* Compile 128 bytes of hash data into SHA256 digest value */ | ||
415 | /* NOTE: this routine assumes that the byte order in the */ | ||
416 | /* ctx->wbuf[] at this point is in such an order that low */ | ||
417 | /* address bytes in the ORIGINAL byte stream placed in this */ | ||
418 | /* buffer will now go to the high end of words on BOTH big */ | ||
419 | /* and little endian systems */ | ||
420 | |||
421 | sha2_void sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]) | ||
422 | { sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA512_MASK), | ||
423 | space = SHA512_BLOCK_SIZE - pos; | ||
424 | const unsigned char *sp = data; | ||
425 | |||
426 | if((ctx->count[0] += len) < len) | ||
427 | ++(ctx->count[1]); | ||
428 | |||
429 | while(len >= space) /* tranfer whole blocks while possible */ | ||
430 | { | ||
431 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space); | ||
432 | sp += space; len -= space; space = SHA512_BLOCK_SIZE; pos = 0; | ||
433 | bsw_64(ctx->wbuf, SHA512_BLOCK_SIZE >> 3); | ||
434 | sha512_compile(ctx); | ||
435 | } | ||
436 | |||
437 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len); | ||
438 | } | ||
439 | |||
440 | /* SHA384/512 Final padding and digest calculation */ | ||
441 | |||
442 | static sha2_64t m2[8] = | ||
443 | { | ||
444 | n_u64(0000000000000000), n_u64(ff00000000000000), | ||
445 | n_u64(ffff000000000000), n_u64(ffffff0000000000), | ||
446 | n_u64(ffffffff00000000), n_u64(ffffffffff000000), | ||
447 | n_u64(ffffffffffff0000), n_u64(ffffffffffffff00) | ||
448 | }; | ||
449 | |||
450 | static sha2_64t b2[8] = | ||
451 | { | ||
452 | n_u64(8000000000000000), n_u64(0080000000000000), | ||
453 | n_u64(0000800000000000), n_u64(0000008000000000), | ||
454 | n_u64(0000000080000000), n_u64(0000000000800000), | ||
455 | n_u64(0000000000008000), n_u64(0000000000000080) | ||
456 | }; | ||
457 | |||
458 | static void sha_end(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen) | ||
459 | { sha2_32t i = (sha2_32t)(ctx->count[0] & SHA512_MASK); | ||
460 | |||
461 | bsw_64(ctx->wbuf, (i + 7) >> 3); | ||
462 | |||
463 | /* bytes in the buffer are now in an order in which references */ | ||
464 | /* to 64-bit words will put bytes with lower addresses into the */ | ||
465 | /* top of 64 bit words on BOTH big and little endian machines */ | ||
466 | |||
467 | /* we now need to mask valid bytes and add the padding which is */ | ||
468 | /* a single 1 bit and as many zero bits as necessary. */ | ||
469 | ctx->wbuf[i >> 3] = (ctx->wbuf[i >> 3] & m2[i & 7]) | b2[i & 7]; | ||
470 | |||
471 | /* we need 17 or more empty byte positions, one for the padding */ | ||
472 | /* byte (above) and sixteen for the length count. If there is */ | ||
473 | /* not enough space pad and empty the buffer */ | ||
474 | if(i > SHA512_BLOCK_SIZE - 17) | ||
475 | { | ||
476 | if(i < 120) ctx->wbuf[15] = 0; | ||
477 | sha512_compile(ctx); | ||
478 | i = 0; | ||
479 | } | ||
480 | else | ||
481 | i = (i >> 3) + 1; | ||
482 | |||
483 | while(i < 14) | ||
484 | ctx->wbuf[i++] = 0; | ||
485 | |||
486 | /* the following 64-bit length fields are assembled in the */ | ||
487 | /* wrong byte order on little endian machines but this is */ | ||
488 | /* corrected later since they are only ever used as 64-bit */ | ||
489 | /* word values. */ | ||
490 | |||
491 | ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 61); | ||
492 | ctx->wbuf[15] = ctx->count[0] << 3; | ||
493 | |||
494 | sha512_compile(ctx); | ||
495 | |||
496 | /* extract the hash value as bytes in case the hash buffer is */ | ||
497 | /* misaligned for 32-bit words */ | ||
498 | for(i = 0; i < hlen; ++i) | ||
499 | hval[i] = (unsigned char)(ctx->hash[i >> 3] >> (8 * (~i & 7))); | ||
500 | } | ||
501 | |||
502 | #endif | ||
503 | |||
504 | #if defined(SHA_2) || defined(SHA_384) | ||
505 | |||
506 | /* SHA384 initialisation data */ | ||
507 | |||
508 | const sha2_64t i384[80] = | ||
509 | { | ||
510 | n_u64(cbbb9d5dc1059ed8), n_u64(629a292a367cd507), | ||
511 | n_u64(9159015a3070dd17), n_u64(152fecd8f70e5939), | ||
512 | n_u64(67332667ffc00b31), n_u64(8eb44a8768581511), | ||
513 | n_u64(db0c2e0d64f98fa7), n_u64(47b5481dbefa4fa4) | ||
514 | }; | ||
515 | |||
516 | sha2_void sha384_begin(sha384_ctx ctx[1]) | ||
517 | { | ||
518 | ctx->count[0] = ctx->count[1] = 0; | ||
519 | memcpy(ctx->hash, i384, 8 * sizeof(sha2_64t)); | ||
520 | } | ||
521 | |||
522 | sha2_void sha384_end(unsigned char hval[], sha384_ctx ctx[1]) | ||
523 | { | ||
524 | sha_end(hval, ctx, SHA384_DIGEST_SIZE); | ||
525 | } | ||
526 | |||
527 | sha2_void sha384(unsigned char hval[], const unsigned char data[], unsigned long len) | ||
528 | { sha384_ctx cx[1]; | ||
529 | |||
530 | sha384_begin(cx); sha384_hash(data, len, cx); sha384_end(hval, cx); | ||
531 | } | ||
532 | |||
533 | #endif | ||
534 | |||
535 | #if defined(SHA_2) || defined(SHA_512) | ||
536 | |||
537 | /* SHA512 initialisation data */ | ||
538 | |||
539 | const sha2_64t i512[80] = | ||
540 | { | ||
541 | n_u64(6a09e667f3bcc908), n_u64(bb67ae8584caa73b), | ||
542 | n_u64(3c6ef372fe94f82b), n_u64(a54ff53a5f1d36f1), | ||
543 | n_u64(510e527fade682d1), n_u64(9b05688c2b3e6c1f), | ||
544 | n_u64(1f83d9abfb41bd6b), n_u64(5be0cd19137e2179) | ||
545 | }; | ||
546 | |||
547 | sha2_void sha512_begin(sha512_ctx ctx[1]) | ||
548 | { | ||
549 | ctx->count[0] = ctx->count[1] = 0; | ||
550 | memcpy(ctx->hash, i512, 8 * sizeof(sha2_64t)); | ||
551 | } | ||
552 | |||
553 | sha2_void sha512_end(unsigned char hval[], sha512_ctx ctx[1]) | ||
554 | { | ||
555 | sha_end(hval, ctx, SHA512_DIGEST_SIZE); | ||
556 | } | ||
557 | |||
558 | sha2_void sha512(unsigned char hval[], const unsigned char data[], unsigned long len) | ||
559 | { sha512_ctx cx[1]; | ||
560 | |||
561 | sha512_begin(cx); sha512_hash(data, len, cx); sha512_end(hval, cx); | ||
562 | } | ||
563 | |||
564 | #endif | ||
565 | |||
566 | #if defined(SHA_2) | ||
567 | |||
568 | #define CTX_256(x) ((x)->uu->ctx256) | ||
569 | #define CTX_384(x) ((x)->uu->ctx512) | ||
570 | #define CTX_512(x) ((x)->uu->ctx512) | ||
571 | |||
572 | /* SHA2 initialisation */ | ||
573 | |||
574 | sha2_int sha2_begin(unsigned long len, sha2_ctx ctx[1]) | ||
575 | { unsigned long l = len; | ||
576 | switch(len) | ||
577 | { | ||
578 | case 256: l = len >> 3; | ||
579 | case 32: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0; | ||
580 | memcpy(CTX_256(ctx)->hash, i256, 32); break; | ||
581 | case 384: l = len >> 3; | ||
582 | case 48: CTX_384(ctx)->count[0] = CTX_384(ctx)->count[1] = 0; | ||
583 | memcpy(CTX_384(ctx)->hash, i384, 64); break; | ||
584 | case 512: l = len >> 3; | ||
585 | case 64: CTX_512(ctx)->count[0] = CTX_512(ctx)->count[1] = 0; | ||
586 | memcpy(CTX_512(ctx)->hash, i512, 64); break; | ||
587 | default: return SHA2_BAD; | ||
588 | } | ||
589 | |||
590 | ctx->sha2_len = l; return SHA2_GOOD; | ||
591 | } | ||
592 | |||
593 | sha2_void sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]) | ||
594 | { | ||
595 | switch(ctx->sha2_len) | ||
596 | { | ||
597 | case 32: sha256_hash(data, len, CTX_256(ctx)); return; | ||
598 | case 48: sha384_hash(data, len, CTX_384(ctx)); return; | ||
599 | case 64: sha512_hash(data, len, CTX_512(ctx)); return; | ||
600 | } | ||
601 | } | ||
602 | |||
603 | sha2_void sha2_end(unsigned char hval[], sha2_ctx ctx[1]) | ||
604 | { | ||
605 | switch(ctx->sha2_len) | ||
606 | { | ||
607 | case 32: sha256_end(hval, CTX_256(ctx)); return; | ||
608 | case 48: sha_end(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return; | ||
609 | case 64: sha_end(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return; | ||
610 | } | ||
611 | } | ||
612 | |||
613 | sha2_int sha2(unsigned char hval[], unsigned long size, | ||
614 | const unsigned char data[], unsigned long len) | ||
615 | { sha2_ctx cx[1]; | ||
616 | |||
617 | if(sha2_begin(size, cx) == SHA2_GOOD) | ||
618 | { | ||
619 | sha2_hash(data, len, cx); sha2_end(hval, cx); return SHA2_GOOD; | ||
620 | } | ||
621 | else | ||
622 | return SHA2_BAD; | ||
623 | } | ||
624 | |||
625 | #endif | ||
626 | |||