diff options
Diffstat (limited to '')
-rw-r--r-- | libraries/irrlicht-1.8/source/Irrlicht/aesGladman/sha2.cpp | 1252 |
1 files changed, 626 insertions, 626 deletions
diff --git a/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/sha2.cpp b/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/sha2.cpp index 5be1bbf..a7f1c53 100644 --- a/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/sha2.cpp +++ b/libraries/irrlicht-1.8/source/Irrlicht/aesGladman/sha2.cpp | |||
@@ -1,626 +1,626 @@ | |||
1 | /* | 1 | /* |
2 | --------------------------------------------------------------------------- | 2 | --------------------------------------------------------------------------- |
3 | Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK. | 3 | Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK. |
4 | All rights reserved. | 4 | All rights reserved. |
5 | 5 | ||
6 | LICENSE TERMS | 6 | LICENSE TERMS |
7 | 7 | ||
8 | The free distribution and use of this software in both source and binary | 8 | The free distribution and use of this software in both source and binary |
9 | form is allowed (with or without changes) provided that: | 9 | form is allowed (with or without changes) provided that: |
10 | 10 | ||
11 | 1. distributions of this source code include the above copyright | 11 | 1. distributions of this source code include the above copyright |
12 | notice, this list of conditions and the following disclaimer; | 12 | notice, this list of conditions and the following disclaimer; |
13 | 13 | ||
14 | 2. distributions in binary form include the above copyright | 14 | 2. distributions in binary form include the above copyright |
15 | notice, this list of conditions and the following disclaimer | 15 | notice, this list of conditions and the following disclaimer |
16 | in the documentation and/or other associated materials; | 16 | in the documentation and/or other associated materials; |
17 | 17 | ||
18 | 3. the copyright holder's name is not used to endorse products | 18 | 3. the copyright holder's name is not used to endorse products |
19 | built using this software without specific written permission. | 19 | built using this software without specific written permission. |
20 | 20 | ||
21 | ALTERNATIVELY, provided that this notice is retained in full, this product | 21 | ALTERNATIVELY, provided that this notice is retained in full, this product |
22 | may be distributed under the terms of the GNU General Public License (GPL), | 22 | may be distributed under the terms of the GNU General Public License (GPL), |
23 | in which case the provisions of the GPL apply INSTEAD OF those given above. | 23 | in which case the provisions of the GPL apply INSTEAD OF those given above. |
24 | 24 | ||
25 | DISCLAIMER | 25 | DISCLAIMER |
26 | 26 | ||
27 | This software is provided 'as is' with no explicit or implied warranties | 27 | This software is provided 'as is' with no explicit or implied warranties |
28 | in respect of its properties, including, but not limited to, correctness | 28 | in respect of its properties, including, but not limited to, correctness |
29 | and/or fitness for purpose. | 29 | and/or fitness for purpose. |
30 | --------------------------------------------------------------------------- | 30 | --------------------------------------------------------------------------- |
31 | Issue Date: 26/08/2003 | 31 | Issue Date: 26/08/2003 |
32 | 32 | ||
33 | This is a byte oriented version of SHA2 that operates on arrays of bytes | 33 | This is a byte oriented version of SHA2 that operates on arrays of bytes |
34 | stored in memory. This code implements sha256, sha384 and sha512 but the | 34 | stored in memory. This code implements sha256, sha384 and sha512 but the |
35 | latter two functions rely on efficient 64-bit integer operations that | 35 | latter two functions rely on efficient 64-bit integer operations that |
36 | may not be very efficient on 32-bit machines | 36 | may not be very efficient on 32-bit machines |
37 | 37 | ||
38 | The sha256 functions use a type 'sha256_ctx' to hold details of the | 38 | The sha256 functions use a type 'sha256_ctx' to hold details of the |
39 | current hash state and uses the following three calls: | 39 | current hash state and uses the following three calls: |
40 | 40 | ||
41 | void sha256_begin(sha256_ctx ctx[1]) | 41 | void sha256_begin(sha256_ctx ctx[1]) |
42 | void sha256_hash(const unsigned char data[], | 42 | void sha256_hash(const unsigned char data[], |
43 | unsigned long len, sha256_ctx ctx[1]) | 43 | unsigned long len, sha256_ctx ctx[1]) |
44 | void sha256_end(unsigned char hval[], sha256_ctx ctx[1]) | 44 | void sha256_end(unsigned char hval[], sha256_ctx ctx[1]) |
45 | 45 | ||
46 | The first subroutine initialises a hash computation by setting up the | 46 | The first subroutine initialises a hash computation by setting up the |
47 | context in the sha256_ctx context. The second subroutine hashes 8-bit | 47 | context in the sha256_ctx context. The second subroutine hashes 8-bit |
48 | bytes from array data[] into the hash state withinh sha256_ctx context, | 48 | bytes from array data[] into the hash state withinh sha256_ctx context, |
49 | the number of bytes to be hashed being given by the the unsigned long | 49 | the number of bytes to be hashed being given by the the unsigned long |
50 | integer len. The third subroutine completes the hash calculation and | 50 | integer len. The third subroutine completes the hash calculation and |
51 | places the resulting digest value in the array of 8-bit bytes hval[]. | 51 | places the resulting digest value in the array of 8-bit bytes hval[]. |
52 | 52 | ||
53 | The sha384 and sha512 functions are similar and use the interfaces: | 53 | The sha384 and sha512 functions are similar and use the interfaces: |
54 | 54 | ||
55 | void sha384_begin(sha384_ctx ctx[1]); | 55 | void sha384_begin(sha384_ctx ctx[1]); |
56 | void sha384_hash(const unsigned char data[], | 56 | void sha384_hash(const unsigned char data[], |
57 | unsigned long len, sha384_ctx ctx[1]); | 57 | unsigned long len, sha384_ctx ctx[1]); |
58 | void sha384_end(unsigned char hval[], sha384_ctx ctx[1]); | 58 | void sha384_end(unsigned char hval[], sha384_ctx ctx[1]); |
59 | 59 | ||
60 | void sha512_begin(sha512_ctx ctx[1]); | 60 | void sha512_begin(sha512_ctx ctx[1]); |
61 | void sha512_hash(const unsigned char data[], | 61 | void sha512_hash(const unsigned char data[], |
62 | unsigned long len, sha512_ctx ctx[1]); | 62 | unsigned long len, sha512_ctx ctx[1]); |
63 | void sha512_end(unsigned char hval[], sha512_ctx ctx[1]); | 63 | void sha512_end(unsigned char hval[], sha512_ctx ctx[1]); |
64 | 64 | ||
65 | In addition there is a function sha2 that can be used to call all these | 65 | In addition there is a function sha2 that can be used to call all these |
66 | functions using a call with a hash length parameter as follows: | 66 | functions using a call with a hash length parameter as follows: |
67 | 67 | ||
68 | int sha2_begin(unsigned long len, sha2_ctx ctx[1]); | 68 | int sha2_begin(unsigned long len, sha2_ctx ctx[1]); |
69 | void sha2_hash(const unsigned char data[], | 69 | void sha2_hash(const unsigned char data[], |
70 | unsigned long len, sha2_ctx ctx[1]); | 70 | unsigned long len, sha2_ctx ctx[1]); |
71 | void sha2_end(unsigned char hval[], sha2_ctx ctx[1]); | 71 | void sha2_end(unsigned char hval[], sha2_ctx ctx[1]); |
72 | 72 | ||
73 | My thanks to Erik Andersen <andersen@codepoet.org> for testing this code | 73 | My thanks to Erik Andersen <andersen@codepoet.org> for testing this code |
74 | on big-endian systems and for his assistance with corrections | 74 | on big-endian systems and for his assistance with corrections |
75 | */ | 75 | */ |
76 | 76 | ||
77 | /* define the hash functions that you need */ | 77 | /* define the hash functions that you need */ |
78 | 78 | ||
79 | #define SHA_2 /* for dynamic hash length */ | 79 | #define SHA_2 /* for dynamic hash length */ |
80 | #define SHA_256 | 80 | #define SHA_256 |
81 | #define SHA_384 | 81 | #define SHA_384 |
82 | #define SHA_512 | 82 | #define SHA_512 |
83 | 83 | ||
84 | #include <string.h> /* for memcpy() etc. */ | 84 | #include <string.h> /* for memcpy() etc. */ |
85 | #include <stdlib.h> /* for _lrotr with VC++ */ | 85 | #include <stdlib.h> /* for _lrotr with VC++ */ |
86 | 86 | ||
87 | #include "sha2.h" | 87 | #include "sha2.h" |
88 | #include "../os.h" | 88 | #include "../os.h" |
89 | 89 | ||
90 | /* BYTE ORDER IN 32-BIT WORDS | 90 | /* BYTE ORDER IN 32-BIT WORDS |
91 | 91 | ||
92 | To obtain the highest speed on processors with 32-bit words, this code | 92 | To obtain the highest speed on processors with 32-bit words, this code |
93 | needs to determine the byte order of the target machine. The following | 93 | needs to determine the byte order of the target machine. The following |
94 | block of code is an attempt to capture the most obvious ways in which | 94 | block of code is an attempt to capture the most obvious ways in which |
95 | various environemnts define byte order. It may well fail, in which case | 95 | various environemnts define byte order. It may well fail, in which case |
96 | the definitions will need to be set by editing at the points marked | 96 | the definitions will need to be set by editing at the points marked |
97 | **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for | 97 | **** EDIT HERE IF NECESSARY **** below. My thanks to Peter Gutmann for |
98 | some of these defines (from cryptlib). | 98 | some of these defines (from cryptlib). |
99 | */ | 99 | */ |
100 | 100 | ||
101 | #define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */ | 101 | #define BRG_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */ |
102 | #define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */ | 102 | #define BRG_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */ |
103 | 103 | ||
104 | #ifdef __BIG_ENDIAN__ | 104 | #ifdef __BIG_ENDIAN__ |
105 | #define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN | 105 | #define PLATFORM_BYTE_ORDER BRG_BIG_ENDIAN |
106 | #else | 106 | #else |
107 | #define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN | 107 | #define PLATFORM_BYTE_ORDER BRG_LITTLE_ENDIAN |
108 | #endif | 108 | #endif |
109 | 109 | ||
110 | #ifdef _MSC_VER | 110 | #ifdef _MSC_VER |
111 | #pragma intrinsic(memcpy) | 111 | #pragma intrinsic(memcpy) |
112 | #endif | 112 | #endif |
113 | 113 | ||
114 | #define rotr32(x,n) (((x) >> n) | ((x) << (32 - n))) | 114 | #define rotr32(x,n) (((x) >> n) | ((x) << (32 - n))) |
115 | 115 | ||
116 | #if !defined(bswap_32) | 116 | #if !defined(bswap_32) |
117 | #define bswap_32(x) irr::os::Byteswap::byteswap(x) | 117 | #define bswap_32(x) irr::os::Byteswap::byteswap(x) |
118 | #endif | 118 | #endif |
119 | 119 | ||
120 | #if (PLATFORM_BYTE_ORDER == BRG_LITTLE_ENDIAN) | 120 | #if (PLATFORM_BYTE_ORDER == BRG_LITTLE_ENDIAN) |
121 | #define SWAP_BYTES | 121 | #define SWAP_BYTES |
122 | #else | 122 | #else |
123 | #undef SWAP_BYTES | 123 | #undef SWAP_BYTES |
124 | #endif | 124 | #endif |
125 | 125 | ||
126 | #if defined(SHA_2) || defined(SHA_256) | 126 | #if defined(SHA_2) || defined(SHA_256) |
127 | 127 | ||
128 | #define SHA256_MASK (SHA256_BLOCK_SIZE - 1) | 128 | #define SHA256_MASK (SHA256_BLOCK_SIZE - 1) |
129 | 129 | ||
130 | #if defined(SWAP_BYTES) | 130 | #if defined(SWAP_BYTES) |
131 | #define bsw_32(p,n) { int _i = (n); while(_i--) p[_i] = bswap_32(p[_i]); } | 131 | #define bsw_32(p,n) { int _i = (n); while(_i--) p[_i] = bswap_32(p[_i]); } |
132 | #else | 132 | #else |
133 | #define bsw_32(p,n) | 133 | #define bsw_32(p,n) |
134 | #endif | 134 | #endif |
135 | 135 | ||
136 | /* SHA256 mixing function definitions */ | 136 | /* SHA256 mixing function definitions */ |
137 | 137 | ||
138 | #if 0 | 138 | #if 0 |
139 | 139 | ||
140 | #define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z))) | 140 | #define ch(x,y,z) (((x) & (y)) ^ (~(x) & (z))) |
141 | #define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) | 141 | #define maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) |
142 | 142 | ||
143 | #else /* Thanks to Rich Schroeppel and Colin Plumb for the following */ | 143 | #else /* Thanks to Rich Schroeppel and Colin Plumb for the following */ |
144 | 144 | ||
145 | #define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) | 145 | #define ch(x,y,z) ((z) ^ ((x) & ((y) ^ (z)))) |
146 | #define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) | 146 | #define maj(x,y,z) (((x) & (y)) | ((z) & ((x) ^ (y)))) |
147 | 147 | ||
148 | #endif | 148 | #endif |
149 | 149 | ||
150 | #define s256_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22)) | 150 | #define s256_0(x) (rotr32((x), 2) ^ rotr32((x), 13) ^ rotr32((x), 22)) |
151 | #define s256_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25)) | 151 | #define s256_1(x) (rotr32((x), 6) ^ rotr32((x), 11) ^ rotr32((x), 25)) |
152 | #define g256_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3)) | 152 | #define g256_0(x) (rotr32((x), 7) ^ rotr32((x), 18) ^ ((x) >> 3)) |
153 | #define g256_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10)) | 153 | #define g256_1(x) (rotr32((x), 17) ^ rotr32((x), 19) ^ ((x) >> 10)) |
154 | 154 | ||
155 | /* rotated SHA256 round definition. Rather than swapping variables as in */ | 155 | /* rotated SHA256 round definition. Rather than swapping variables as in */ |
156 | /* FIPS-180, different variables are 'rotated' on each round, returning */ | 156 | /* FIPS-180, different variables are 'rotated' on each round, returning */ |
157 | /* to their starting positions every eight rounds */ | 157 | /* to their starting positions every eight rounds */ |
158 | 158 | ||
159 | #define h2(i) p[i & 15] += \ | 159 | #define h2(i) p[i & 15] += \ |
160 | g256_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g256_0(p[(i + 1) & 15]) | 160 | g256_1(p[(i + 14) & 15]) + p[(i + 9) & 15] + g256_0(p[(i + 1) & 15]) |
161 | 161 | ||
162 | #define h2_cycle(i,j) \ | 162 | #define h2_cycle(i,j) \ |
163 | v[(7 - i) & 7] += (j ? h2(i) : p[i & 15]) + k256[i + j] \ | 163 | v[(7 - i) & 7] += (j ? h2(i) : p[i & 15]) + k256[i + j] \ |
164 | + s256_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \ | 164 | + s256_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \ |
165 | v[(3 - i) & 7] += v[(7 - i) & 7]; \ | 165 | v[(3 - i) & 7] += v[(7 - i) & 7]; \ |
166 | v[(7 - i) & 7] += s256_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7]) | 166 | v[(7 - i) & 7] += s256_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7]) |
167 | 167 | ||
168 | /* SHA256 mixing data */ | 168 | /* SHA256 mixing data */ |
169 | 169 | ||
170 | const sha2_32t k256[64] = | 170 | const sha2_32t k256[64] = |
171 | { n_u32(428a2f98), n_u32(71374491), n_u32(b5c0fbcf), n_u32(e9b5dba5), | 171 | { n_u32(428a2f98), n_u32(71374491), n_u32(b5c0fbcf), n_u32(e9b5dba5), |
172 | n_u32(3956c25b), n_u32(59f111f1), n_u32(923f82a4), n_u32(ab1c5ed5), | 172 | n_u32(3956c25b), n_u32(59f111f1), n_u32(923f82a4), n_u32(ab1c5ed5), |
173 | n_u32(d807aa98), n_u32(12835b01), n_u32(243185be), n_u32(550c7dc3), | 173 | n_u32(d807aa98), n_u32(12835b01), n_u32(243185be), n_u32(550c7dc3), |
174 | n_u32(72be5d74), n_u32(80deb1fe), n_u32(9bdc06a7), n_u32(c19bf174), | 174 | n_u32(72be5d74), n_u32(80deb1fe), n_u32(9bdc06a7), n_u32(c19bf174), |
175 | n_u32(e49b69c1), n_u32(efbe4786), n_u32(0fc19dc6), n_u32(240ca1cc), | 175 | n_u32(e49b69c1), n_u32(efbe4786), n_u32(0fc19dc6), n_u32(240ca1cc), |
176 | n_u32(2de92c6f), n_u32(4a7484aa), n_u32(5cb0a9dc), n_u32(76f988da), | 176 | n_u32(2de92c6f), n_u32(4a7484aa), n_u32(5cb0a9dc), n_u32(76f988da), |
177 | n_u32(983e5152), n_u32(a831c66d), n_u32(b00327c8), n_u32(bf597fc7), | 177 | n_u32(983e5152), n_u32(a831c66d), n_u32(b00327c8), n_u32(bf597fc7), |
178 | n_u32(c6e00bf3), n_u32(d5a79147), n_u32(06ca6351), n_u32(14292967), | 178 | n_u32(c6e00bf3), n_u32(d5a79147), n_u32(06ca6351), n_u32(14292967), |
179 | n_u32(27b70a85), n_u32(2e1b2138), n_u32(4d2c6dfc), n_u32(53380d13), | 179 | n_u32(27b70a85), n_u32(2e1b2138), n_u32(4d2c6dfc), n_u32(53380d13), |
180 | n_u32(650a7354), n_u32(766a0abb), n_u32(81c2c92e), n_u32(92722c85), | 180 | n_u32(650a7354), n_u32(766a0abb), n_u32(81c2c92e), n_u32(92722c85), |
181 | n_u32(a2bfe8a1), n_u32(a81a664b), n_u32(c24b8b70), n_u32(c76c51a3), | 181 | n_u32(a2bfe8a1), n_u32(a81a664b), n_u32(c24b8b70), n_u32(c76c51a3), |
182 | n_u32(d192e819), n_u32(d6990624), n_u32(f40e3585), n_u32(106aa070), | 182 | n_u32(d192e819), n_u32(d6990624), n_u32(f40e3585), n_u32(106aa070), |
183 | n_u32(19a4c116), n_u32(1e376c08), n_u32(2748774c), n_u32(34b0bcb5), | 183 | n_u32(19a4c116), n_u32(1e376c08), n_u32(2748774c), n_u32(34b0bcb5), |
184 | n_u32(391c0cb3), n_u32(4ed8aa4a), n_u32(5b9cca4f), n_u32(682e6ff3), | 184 | n_u32(391c0cb3), n_u32(4ed8aa4a), n_u32(5b9cca4f), n_u32(682e6ff3), |
185 | n_u32(748f82ee), n_u32(78a5636f), n_u32(84c87814), n_u32(8cc70208), | 185 | n_u32(748f82ee), n_u32(78a5636f), n_u32(84c87814), n_u32(8cc70208), |
186 | n_u32(90befffa), n_u32(a4506ceb), n_u32(bef9a3f7), n_u32(c67178f2), | 186 | n_u32(90befffa), n_u32(a4506ceb), n_u32(bef9a3f7), n_u32(c67178f2), |
187 | }; | 187 | }; |
188 | 188 | ||
189 | /* SHA256 initialisation data */ | 189 | /* SHA256 initialisation data */ |
190 | 190 | ||
191 | const sha2_32t i256[8] = | 191 | const sha2_32t i256[8] = |
192 | { | 192 | { |
193 | n_u32(6a09e667), n_u32(bb67ae85), n_u32(3c6ef372), n_u32(a54ff53a), | 193 | n_u32(6a09e667), n_u32(bb67ae85), n_u32(3c6ef372), n_u32(a54ff53a), |
194 | n_u32(510e527f), n_u32(9b05688c), n_u32(1f83d9ab), n_u32(5be0cd19) | 194 | n_u32(510e527f), n_u32(9b05688c), n_u32(1f83d9ab), n_u32(5be0cd19) |
195 | }; | 195 | }; |
196 | 196 | ||
197 | sha2_void sha256_begin(sha256_ctx ctx[1]) | 197 | sha2_void sha256_begin(sha256_ctx ctx[1]) |
198 | { | 198 | { |
199 | ctx->count[0] = ctx->count[1] = 0; | 199 | ctx->count[0] = ctx->count[1] = 0; |
200 | memcpy(ctx->hash, i256, 8 * sizeof(sha2_32t)); | 200 | memcpy(ctx->hash, i256, 8 * sizeof(sha2_32t)); |
201 | } | 201 | } |
202 | 202 | ||
203 | /* Compile 64 bytes of hash data into SHA256 digest value */ | 203 | /* Compile 64 bytes of hash data into SHA256 digest value */ |
204 | /* NOTE: this routine assumes that the byte order in the */ | 204 | /* NOTE: this routine assumes that the byte order in the */ |
205 | /* ctx->wbuf[] at this point is in such an order that low */ | 205 | /* ctx->wbuf[] at this point is in such an order that low */ |
206 | /* address bytes in the ORIGINAL byte stream placed in this */ | 206 | /* address bytes in the ORIGINAL byte stream placed in this */ |
207 | /* buffer will now go to the high end of words on BOTH big */ | 207 | /* buffer will now go to the high end of words on BOTH big */ |
208 | /* and little endian systems */ | 208 | /* and little endian systems */ |
209 | 209 | ||
210 | sha2_void sha256_compile(sha256_ctx ctx[1]) | 210 | sha2_void sha256_compile(sha256_ctx ctx[1]) |
211 | { sha2_32t v[8], j, *p = ctx->wbuf; | 211 | { sha2_32t v[8], j, *p = ctx->wbuf; |
212 | 212 | ||
213 | memcpy(v, ctx->hash, 8 * sizeof(sha2_32t)); | 213 | memcpy(v, ctx->hash, 8 * sizeof(sha2_32t)); |
214 | 214 | ||
215 | for(j = 0; j < 64; j += 16) | 215 | for(j = 0; j < 64; j += 16) |
216 | { | 216 | { |
217 | h2_cycle( 0, j); h2_cycle( 1, j); h2_cycle( 2, j); h2_cycle( 3, j); | 217 | h2_cycle( 0, j); h2_cycle( 1, j); h2_cycle( 2, j); h2_cycle( 3, j); |
218 | h2_cycle( 4, j); h2_cycle( 5, j); h2_cycle( 6, j); h2_cycle( 7, j); | 218 | h2_cycle( 4, j); h2_cycle( 5, j); h2_cycle( 6, j); h2_cycle( 7, j); |
219 | h2_cycle( 8, j); h2_cycle( 9, j); h2_cycle(10, j); h2_cycle(11, j); | 219 | h2_cycle( 8, j); h2_cycle( 9, j); h2_cycle(10, j); h2_cycle(11, j); |
220 | h2_cycle(12, j); h2_cycle(13, j); h2_cycle(14, j); h2_cycle(15, j); | 220 | h2_cycle(12, j); h2_cycle(13, j); h2_cycle(14, j); h2_cycle(15, j); |
221 | } | 221 | } |
222 | 222 | ||
223 | ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3]; | 223 | ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3]; |
224 | ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7]; | 224 | ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7]; |
225 | } | 225 | } |
226 | 226 | ||
227 | /* SHA256 hash data in an array of bytes into hash buffer */ | 227 | /* SHA256 hash data in an array of bytes into hash buffer */ |
228 | /* and call the hash_compile function as required. */ | 228 | /* and call the hash_compile function as required. */ |
229 | 229 | ||
230 | sha2_void sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]) | 230 | sha2_void sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]) |
231 | { sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA256_MASK), | 231 | { sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA256_MASK), |
232 | space = SHA256_BLOCK_SIZE - pos; | 232 | space = SHA256_BLOCK_SIZE - pos; |
233 | const unsigned char *sp = data; | 233 | const unsigned char *sp = data; |
234 | 234 | ||
235 | if((ctx->count[0] += len) < len) | 235 | if((ctx->count[0] += len) < len) |
236 | ++(ctx->count[1]); | 236 | ++(ctx->count[1]); |
237 | 237 | ||
238 | while(len >= space) /* tranfer whole blocks while possible */ | 238 | while(len >= space) /* tranfer whole blocks while possible */ |
239 | { | 239 | { |
240 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space); | 240 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space); |
241 | sp += space; len -= space; space = SHA256_BLOCK_SIZE; pos = 0; | 241 | sp += space; len -= space; space = SHA256_BLOCK_SIZE; pos = 0; |
242 | bsw_32(ctx->wbuf, SHA256_BLOCK_SIZE >> 2) | 242 | bsw_32(ctx->wbuf, SHA256_BLOCK_SIZE >> 2) |
243 | sha256_compile(ctx); | 243 | sha256_compile(ctx); |
244 | } | 244 | } |
245 | 245 | ||
246 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len); | 246 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len); |
247 | } | 247 | } |
248 | 248 | ||
249 | /* SHA256 Final padding and digest calculation */ | 249 | /* SHA256 Final padding and digest calculation */ |
250 | 250 | ||
251 | static sha2_32t m1[4] = | 251 | static sha2_32t m1[4] = |
252 | { | 252 | { |
253 | n_u32(00000000), n_u32(ff000000), n_u32(ffff0000), n_u32(ffffff00) | 253 | n_u32(00000000), n_u32(ff000000), n_u32(ffff0000), n_u32(ffffff00) |
254 | }; | 254 | }; |
255 | 255 | ||
256 | static sha2_32t b1[4] = | 256 | static sha2_32t b1[4] = |
257 | { | 257 | { |
258 | n_u32(80000000), n_u32(00800000), n_u32(00008000), n_u32(00000080) | 258 | n_u32(80000000), n_u32(00800000), n_u32(00008000), n_u32(00000080) |
259 | }; | 259 | }; |
260 | 260 | ||
261 | sha2_void sha256_end(unsigned char hval[], sha256_ctx ctx[1]) | 261 | sha2_void sha256_end(unsigned char hval[], sha256_ctx ctx[1]) |
262 | { sha2_32t i = (sha2_32t)(ctx->count[0] & SHA256_MASK); | 262 | { sha2_32t i = (sha2_32t)(ctx->count[0] & SHA256_MASK); |
263 | 263 | ||
264 | bsw_32(ctx->wbuf, (i + 3) >> 2) | 264 | bsw_32(ctx->wbuf, (i + 3) >> 2) |
265 | /* bytes in the buffer are now in an order in which references */ | 265 | /* bytes in the buffer are now in an order in which references */ |
266 | /* to 32-bit words will put bytes with lower addresses into the */ | 266 | /* to 32-bit words will put bytes with lower addresses into the */ |
267 | /* top of 32 bit words on BOTH big and little endian machines */ | 267 | /* top of 32 bit words on BOTH big and little endian machines */ |
268 | 268 | ||
269 | /* we now need to mask valid bytes and add the padding which is */ | 269 | /* we now need to mask valid bytes and add the padding which is */ |
270 | /* a single 1 bit and as many zero bits as necessary. */ | 270 | /* a single 1 bit and as many zero bits as necessary. */ |
271 | ctx->wbuf[i >> 2] = (ctx->wbuf[i >> 2] & m1[i & 3]) | b1[i & 3]; | 271 | ctx->wbuf[i >> 2] = (ctx->wbuf[i >> 2] & m1[i & 3]) | b1[i & 3]; |
272 | 272 | ||
273 | /* we need 9 or more empty positions, one for the padding byte */ | 273 | /* we need 9 or more empty positions, one for the padding byte */ |
274 | /* (above) and eight for the length count. If there is not */ | 274 | /* (above) and eight for the length count. If there is not */ |
275 | /* enough space pad and empty the buffer */ | 275 | /* enough space pad and empty the buffer */ |
276 | if(i > SHA256_BLOCK_SIZE - 9) | 276 | if(i > SHA256_BLOCK_SIZE - 9) |
277 | { | 277 | { |
278 | if(i < 60) ctx->wbuf[15] = 0; | 278 | if(i < 60) ctx->wbuf[15] = 0; |
279 | sha256_compile(ctx); | 279 | sha256_compile(ctx); |
280 | i = 0; | 280 | i = 0; |
281 | } | 281 | } |
282 | else /* compute a word index for the empty buffer positions */ | 282 | else /* compute a word index for the empty buffer positions */ |
283 | i = (i >> 2) + 1; | 283 | i = (i >> 2) + 1; |
284 | 284 | ||
285 | while(i < 14) /* and zero pad all but last two positions */ | 285 | while(i < 14) /* and zero pad all but last two positions */ |
286 | ctx->wbuf[i++] = 0; | 286 | ctx->wbuf[i++] = 0; |
287 | 287 | ||
288 | /* the following 32-bit length fields are assembled in the */ | 288 | /* the following 32-bit length fields are assembled in the */ |
289 | /* wrong byte order on little endian machines but this is */ | 289 | /* wrong byte order on little endian machines but this is */ |
290 | /* corrected later since they are only ever used as 32-bit */ | 290 | /* corrected later since they are only ever used as 32-bit */ |
291 | /* word values. */ | 291 | /* word values. */ |
292 | 292 | ||
293 | ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29); | 293 | ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 29); |
294 | ctx->wbuf[15] = ctx->count[0] << 3; | 294 | ctx->wbuf[15] = ctx->count[0] << 3; |
295 | 295 | ||
296 | sha256_compile(ctx); | 296 | sha256_compile(ctx); |
297 | 297 | ||
298 | /* extract the hash value as bytes in case the hash buffer is */ | 298 | /* extract the hash value as bytes in case the hash buffer is */ |
299 | /* mislaigned for 32-bit words */ | 299 | /* mislaigned for 32-bit words */ |
300 | for(i = 0; i < SHA256_DIGEST_SIZE; ++i) | 300 | for(i = 0; i < SHA256_DIGEST_SIZE; ++i) |
301 | hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3))); | 301 | hval[i] = (unsigned char)(ctx->hash[i >> 2] >> (8 * (~i & 3))); |
302 | } | 302 | } |
303 | 303 | ||
304 | sha2_void sha256(unsigned char hval[], const unsigned char data[], unsigned long len) | 304 | sha2_void sha256(unsigned char hval[], const unsigned char data[], unsigned long len) |
305 | { sha256_ctx cx[1]; | 305 | { sha256_ctx cx[1]; |
306 | 306 | ||
307 | sha256_begin(cx); sha256_hash(data, len, cx); sha256_end(hval, cx); | 307 | sha256_begin(cx); sha256_hash(data, len, cx); sha256_end(hval, cx); |
308 | } | 308 | } |
309 | 309 | ||
310 | #endif | 310 | #endif |
311 | 311 | ||
312 | #if defined(SHA_2) || defined(SHA_384) || defined(SHA_512) | 312 | #if defined(SHA_2) || defined(SHA_384) || defined(SHA_512) |
313 | 313 | ||
314 | #define SHA512_MASK (SHA512_BLOCK_SIZE - 1) | 314 | #define SHA512_MASK (SHA512_BLOCK_SIZE - 1) |
315 | 315 | ||
316 | #define rotr64(x,n) (((x) >> n) | ((x) << (64 - n))) | 316 | #define rotr64(x,n) (((x) >> n) | ((x) << (64 - n))) |
317 | 317 | ||
318 | #if !defined(bswap_64) | 318 | #if !defined(bswap_64) |
319 | #define bswap_64(x) ((((sha2_64t)(bswap_32((sha2_32t)(x)))) << 32) | (bswap_32((sha2_32t)((x) >> 32)))) | 319 | #define bswap_64(x) ((((sha2_64t)(bswap_32((sha2_32t)(x)))) << 32) | (bswap_32((sha2_32t)((x) >> 32)))) |
320 | #endif | 320 | #endif |
321 | 321 | ||
322 | #if defined(SWAP_BYTES) | 322 | #if defined(SWAP_BYTES) |
323 | #define bsw_64(p,n) { int _i = (n); while(_i--) p[_i] = bswap_64(p[_i]); } | 323 | #define bsw_64(p,n) { int _i = (n); while(_i--) p[_i] = bswap_64(p[_i]); } |
324 | #else | 324 | #else |
325 | #define bsw_64(p,n) | 325 | #define bsw_64(p,n) |
326 | #endif | 326 | #endif |
327 | 327 | ||
328 | /* SHA512 mixing function definitions */ | 328 | /* SHA512 mixing function definitions */ |
329 | 329 | ||
330 | #define s512_0(x) (rotr64((x), 28) ^ rotr64((x), 34) ^ rotr64((x), 39)) | 330 | #define s512_0(x) (rotr64((x), 28) ^ rotr64((x), 34) ^ rotr64((x), 39)) |
331 | #define s512_1(x) (rotr64((x), 14) ^ rotr64((x), 18) ^ rotr64((x), 41)) | 331 | #define s512_1(x) (rotr64((x), 14) ^ rotr64((x), 18) ^ rotr64((x), 41)) |
332 | #define g512_0(x) (rotr64((x), 1) ^ rotr64((x), 8) ^ ((x) >> 7)) | 332 | #define g512_0(x) (rotr64((x), 1) ^ rotr64((x), 8) ^ ((x) >> 7)) |
333 | #define g512_1(x) (rotr64((x), 19) ^ rotr64((x), 61) ^ ((x) >> 6)) | 333 | #define g512_1(x) (rotr64((x), 19) ^ rotr64((x), 61) ^ ((x) >> 6)) |
334 | 334 | ||
335 | /* rotated SHA512 round definition. Rather than swapping variables as in */ | 335 | /* rotated SHA512 round definition. Rather than swapping variables as in */ |
336 | /* FIPS-180, different variables are 'rotated' on each round, returning */ | 336 | /* FIPS-180, different variables are 'rotated' on each round, returning */ |
337 | /* to their starting positions every eight rounds */ | 337 | /* to their starting positions every eight rounds */ |
338 | 338 | ||
339 | #define h5(i) ctx->wbuf[i & 15] += \ | 339 | #define h5(i) ctx->wbuf[i & 15] += \ |
340 | g512_1(ctx->wbuf[(i + 14) & 15]) + ctx->wbuf[(i + 9) & 15] + g512_0(ctx->wbuf[(i + 1) & 15]) | 340 | g512_1(ctx->wbuf[(i + 14) & 15]) + ctx->wbuf[(i + 9) & 15] + g512_0(ctx->wbuf[(i + 1) & 15]) |
341 | 341 | ||
342 | #define h5_cycle(i,j) \ | 342 | #define h5_cycle(i,j) \ |
343 | v[(7 - i) & 7] += (j ? h5(i) : ctx->wbuf[i & 15]) + k512[i + j] \ | 343 | v[(7 - i) & 7] += (j ? h5(i) : ctx->wbuf[i & 15]) + k512[i + j] \ |
344 | + s512_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \ | 344 | + s512_1(v[(4 - i) & 7]) + ch(v[(4 - i) & 7], v[(5 - i) & 7], v[(6 - i) & 7]); \ |
345 | v[(3 - i) & 7] += v[(7 - i) & 7]; \ | 345 | v[(3 - i) & 7] += v[(7 - i) & 7]; \ |
346 | v[(7 - i) & 7] += s512_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7]) | 346 | v[(7 - i) & 7] += s512_0(v[(0 - i) & 7]) + maj(v[(0 - i) & 7], v[(1 - i) & 7], v[(2 - i) & 7]) |
347 | 347 | ||
348 | /* SHA384/SHA512 mixing data */ | 348 | /* SHA384/SHA512 mixing data */ |
349 | 349 | ||
350 | const sha2_64t k512[80] = | 350 | const sha2_64t k512[80] = |
351 | { | 351 | { |
352 | n_u64(428a2f98d728ae22), n_u64(7137449123ef65cd), | 352 | n_u64(428a2f98d728ae22), n_u64(7137449123ef65cd), |
353 | n_u64(b5c0fbcfec4d3b2f), n_u64(e9b5dba58189dbbc), | 353 | n_u64(b5c0fbcfec4d3b2f), n_u64(e9b5dba58189dbbc), |
354 | n_u64(3956c25bf348b538), n_u64(59f111f1b605d019), | 354 | n_u64(3956c25bf348b538), n_u64(59f111f1b605d019), |
355 | n_u64(923f82a4af194f9b), n_u64(ab1c5ed5da6d8118), | 355 | n_u64(923f82a4af194f9b), n_u64(ab1c5ed5da6d8118), |
356 | n_u64(d807aa98a3030242), n_u64(12835b0145706fbe), | 356 | n_u64(d807aa98a3030242), n_u64(12835b0145706fbe), |
357 | n_u64(243185be4ee4b28c), n_u64(550c7dc3d5ffb4e2), | 357 | n_u64(243185be4ee4b28c), n_u64(550c7dc3d5ffb4e2), |
358 | n_u64(72be5d74f27b896f), n_u64(80deb1fe3b1696b1), | 358 | n_u64(72be5d74f27b896f), n_u64(80deb1fe3b1696b1), |
359 | n_u64(9bdc06a725c71235), n_u64(c19bf174cf692694), | 359 | n_u64(9bdc06a725c71235), n_u64(c19bf174cf692694), |
360 | n_u64(e49b69c19ef14ad2), n_u64(efbe4786384f25e3), | 360 | n_u64(e49b69c19ef14ad2), n_u64(efbe4786384f25e3), |
361 | n_u64(0fc19dc68b8cd5b5), n_u64(240ca1cc77ac9c65), | 361 | n_u64(0fc19dc68b8cd5b5), n_u64(240ca1cc77ac9c65), |
362 | n_u64(2de92c6f592b0275), n_u64(4a7484aa6ea6e483), | 362 | n_u64(2de92c6f592b0275), n_u64(4a7484aa6ea6e483), |
363 | n_u64(5cb0a9dcbd41fbd4), n_u64(76f988da831153b5), | 363 | n_u64(5cb0a9dcbd41fbd4), n_u64(76f988da831153b5), |
364 | n_u64(983e5152ee66dfab), n_u64(a831c66d2db43210), | 364 | n_u64(983e5152ee66dfab), n_u64(a831c66d2db43210), |
365 | n_u64(b00327c898fb213f), n_u64(bf597fc7beef0ee4), | 365 | n_u64(b00327c898fb213f), n_u64(bf597fc7beef0ee4), |
366 | n_u64(c6e00bf33da88fc2), n_u64(d5a79147930aa725), | 366 | n_u64(c6e00bf33da88fc2), n_u64(d5a79147930aa725), |
367 | n_u64(06ca6351e003826f), n_u64(142929670a0e6e70), | 367 | n_u64(06ca6351e003826f), n_u64(142929670a0e6e70), |
368 | n_u64(27b70a8546d22ffc), n_u64(2e1b21385c26c926), | 368 | n_u64(27b70a8546d22ffc), n_u64(2e1b21385c26c926), |
369 | n_u64(4d2c6dfc5ac42aed), n_u64(53380d139d95b3df), | 369 | n_u64(4d2c6dfc5ac42aed), n_u64(53380d139d95b3df), |
370 | n_u64(650a73548baf63de), n_u64(766a0abb3c77b2a8), | 370 | n_u64(650a73548baf63de), n_u64(766a0abb3c77b2a8), |
371 | n_u64(81c2c92e47edaee6), n_u64(92722c851482353b), | 371 | n_u64(81c2c92e47edaee6), n_u64(92722c851482353b), |
372 | n_u64(a2bfe8a14cf10364), n_u64(a81a664bbc423001), | 372 | n_u64(a2bfe8a14cf10364), n_u64(a81a664bbc423001), |
373 | n_u64(c24b8b70d0f89791), n_u64(c76c51a30654be30), | 373 | n_u64(c24b8b70d0f89791), n_u64(c76c51a30654be30), |
374 | n_u64(d192e819d6ef5218), n_u64(d69906245565a910), | 374 | n_u64(d192e819d6ef5218), n_u64(d69906245565a910), |
375 | n_u64(f40e35855771202a), n_u64(106aa07032bbd1b8), | 375 | n_u64(f40e35855771202a), n_u64(106aa07032bbd1b8), |
376 | n_u64(19a4c116b8d2d0c8), n_u64(1e376c085141ab53), | 376 | n_u64(19a4c116b8d2d0c8), n_u64(1e376c085141ab53), |
377 | n_u64(2748774cdf8eeb99), n_u64(34b0bcb5e19b48a8), | 377 | n_u64(2748774cdf8eeb99), n_u64(34b0bcb5e19b48a8), |
378 | n_u64(391c0cb3c5c95a63), n_u64(4ed8aa4ae3418acb), | 378 | n_u64(391c0cb3c5c95a63), n_u64(4ed8aa4ae3418acb), |
379 | n_u64(5b9cca4f7763e373), n_u64(682e6ff3d6b2b8a3), | 379 | n_u64(5b9cca4f7763e373), n_u64(682e6ff3d6b2b8a3), |
380 | n_u64(748f82ee5defb2fc), n_u64(78a5636f43172f60), | 380 | n_u64(748f82ee5defb2fc), n_u64(78a5636f43172f60), |
381 | n_u64(84c87814a1f0ab72), n_u64(8cc702081a6439ec), | 381 | n_u64(84c87814a1f0ab72), n_u64(8cc702081a6439ec), |
382 | n_u64(90befffa23631e28), n_u64(a4506cebde82bde9), | 382 | n_u64(90befffa23631e28), n_u64(a4506cebde82bde9), |
383 | n_u64(bef9a3f7b2c67915), n_u64(c67178f2e372532b), | 383 | n_u64(bef9a3f7b2c67915), n_u64(c67178f2e372532b), |
384 | n_u64(ca273eceea26619c), n_u64(d186b8c721c0c207), | 384 | n_u64(ca273eceea26619c), n_u64(d186b8c721c0c207), |
385 | n_u64(eada7dd6cde0eb1e), n_u64(f57d4f7fee6ed178), | 385 | n_u64(eada7dd6cde0eb1e), n_u64(f57d4f7fee6ed178), |
386 | n_u64(06f067aa72176fba), n_u64(0a637dc5a2c898a6), | 386 | n_u64(06f067aa72176fba), n_u64(0a637dc5a2c898a6), |
387 | n_u64(113f9804bef90dae), n_u64(1b710b35131c471b), | 387 | n_u64(113f9804bef90dae), n_u64(1b710b35131c471b), |
388 | n_u64(28db77f523047d84), n_u64(32caab7b40c72493), | 388 | n_u64(28db77f523047d84), n_u64(32caab7b40c72493), |
389 | n_u64(3c9ebe0a15c9bebc), n_u64(431d67c49c100d4c), | 389 | n_u64(3c9ebe0a15c9bebc), n_u64(431d67c49c100d4c), |
390 | n_u64(4cc5d4becb3e42b6), n_u64(597f299cfc657e2a), | 390 | n_u64(4cc5d4becb3e42b6), n_u64(597f299cfc657e2a), |
391 | n_u64(5fcb6fab3ad6faec), n_u64(6c44198c4a475817) | 391 | n_u64(5fcb6fab3ad6faec), n_u64(6c44198c4a475817) |
392 | }; | 392 | }; |
393 | 393 | ||
394 | /* Compile 64 bytes of hash data into SHA384/SHA512 digest value */ | 394 | /* Compile 64 bytes of hash data into SHA384/SHA512 digest value */ |
395 | 395 | ||
396 | sha2_void sha512_compile(sha512_ctx ctx[1]) | 396 | sha2_void sha512_compile(sha512_ctx ctx[1]) |
397 | { sha2_64t v[8]; | 397 | { sha2_64t v[8]; |
398 | sha2_32t j; | 398 | sha2_32t j; |
399 | 399 | ||
400 | memcpy(v, ctx->hash, 8 * sizeof(sha2_64t)); | 400 | memcpy(v, ctx->hash, 8 * sizeof(sha2_64t)); |
401 | 401 | ||
402 | for(j = 0; j < 80; j += 16) | 402 | for(j = 0; j < 80; j += 16) |
403 | { | 403 | { |
404 | h5_cycle( 0, j); h5_cycle( 1, j); h5_cycle( 2, j); h5_cycle( 3, j); | 404 | h5_cycle( 0, j); h5_cycle( 1, j); h5_cycle( 2, j); h5_cycle( 3, j); |
405 | h5_cycle( 4, j); h5_cycle( 5, j); h5_cycle( 6, j); h5_cycle( 7, j); | 405 | h5_cycle( 4, j); h5_cycle( 5, j); h5_cycle( 6, j); h5_cycle( 7, j); |
406 | h5_cycle( 8, j); h5_cycle( 9, j); h5_cycle(10, j); h5_cycle(11, j); | 406 | h5_cycle( 8, j); h5_cycle( 9, j); h5_cycle(10, j); h5_cycle(11, j); |
407 | h5_cycle(12, j); h5_cycle(13, j); h5_cycle(14, j); h5_cycle(15, j); | 407 | h5_cycle(12, j); h5_cycle(13, j); h5_cycle(14, j); h5_cycle(15, j); |
408 | } | 408 | } |
409 | 409 | ||
410 | ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3]; | 410 | ctx->hash[0] += v[0]; ctx->hash[1] += v[1]; ctx->hash[2] += v[2]; ctx->hash[3] += v[3]; |
411 | ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7]; | 411 | ctx->hash[4] += v[4]; ctx->hash[5] += v[5]; ctx->hash[6] += v[6]; ctx->hash[7] += v[7]; |
412 | } | 412 | } |
413 | 413 | ||
414 | /* Compile 128 bytes of hash data into SHA256 digest value */ | 414 | /* Compile 128 bytes of hash data into SHA256 digest value */ |
415 | /* NOTE: this routine assumes that the byte order in the */ | 415 | /* NOTE: this routine assumes that the byte order in the */ |
416 | /* ctx->wbuf[] at this point is in such an order that low */ | 416 | /* ctx->wbuf[] at this point is in such an order that low */ |
417 | /* address bytes in the ORIGINAL byte stream placed in this */ | 417 | /* address bytes in the ORIGINAL byte stream placed in this */ |
418 | /* buffer will now go to the high end of words on BOTH big */ | 418 | /* buffer will now go to the high end of words on BOTH big */ |
419 | /* and little endian systems */ | 419 | /* and little endian systems */ |
420 | 420 | ||
421 | sha2_void sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]) | 421 | sha2_void sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]) |
422 | { sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA512_MASK), | 422 | { sha2_32t pos = (sha2_32t)(ctx->count[0] & SHA512_MASK), |
423 | space = SHA512_BLOCK_SIZE - pos; | 423 | space = SHA512_BLOCK_SIZE - pos; |
424 | const unsigned char *sp = data; | 424 | const unsigned char *sp = data; |
425 | 425 | ||
426 | if((ctx->count[0] += len) < len) | 426 | if((ctx->count[0] += len) < len) |
427 | ++(ctx->count[1]); | 427 | ++(ctx->count[1]); |
428 | 428 | ||
429 | while(len >= space) /* tranfer whole blocks while possible */ | 429 | while(len >= space) /* tranfer whole blocks while possible */ |
430 | { | 430 | { |
431 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space); | 431 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space); |
432 | sp += space; len -= space; space = SHA512_BLOCK_SIZE; pos = 0; | 432 | sp += space; len -= space; space = SHA512_BLOCK_SIZE; pos = 0; |
433 | bsw_64(ctx->wbuf, SHA512_BLOCK_SIZE >> 3); | 433 | bsw_64(ctx->wbuf, SHA512_BLOCK_SIZE >> 3); |
434 | sha512_compile(ctx); | 434 | sha512_compile(ctx); |
435 | } | 435 | } |
436 | 436 | ||
437 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len); | 437 | memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len); |
438 | } | 438 | } |
439 | 439 | ||
440 | /* SHA384/512 Final padding and digest calculation */ | 440 | /* SHA384/512 Final padding and digest calculation */ |
441 | 441 | ||
442 | static sha2_64t m2[8] = | 442 | static sha2_64t m2[8] = |
443 | { | 443 | { |
444 | n_u64(0000000000000000), n_u64(ff00000000000000), | 444 | n_u64(0000000000000000), n_u64(ff00000000000000), |
445 | n_u64(ffff000000000000), n_u64(ffffff0000000000), | 445 | n_u64(ffff000000000000), n_u64(ffffff0000000000), |
446 | n_u64(ffffffff00000000), n_u64(ffffffffff000000), | 446 | n_u64(ffffffff00000000), n_u64(ffffffffff000000), |
447 | n_u64(ffffffffffff0000), n_u64(ffffffffffffff00) | 447 | n_u64(ffffffffffff0000), n_u64(ffffffffffffff00) |
448 | }; | 448 | }; |
449 | 449 | ||
450 | static sha2_64t b2[8] = | 450 | static sha2_64t b2[8] = |
451 | { | 451 | { |
452 | n_u64(8000000000000000), n_u64(0080000000000000), | 452 | n_u64(8000000000000000), n_u64(0080000000000000), |
453 | n_u64(0000800000000000), n_u64(0000008000000000), | 453 | n_u64(0000800000000000), n_u64(0000008000000000), |
454 | n_u64(0000000080000000), n_u64(0000000000800000), | 454 | n_u64(0000000080000000), n_u64(0000000000800000), |
455 | n_u64(0000000000008000), n_u64(0000000000000080) | 455 | n_u64(0000000000008000), n_u64(0000000000000080) |
456 | }; | 456 | }; |
457 | 457 | ||
458 | static void sha_end(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen) | 458 | static void sha_end(unsigned char hval[], sha512_ctx ctx[1], const unsigned int hlen) |
459 | { sha2_32t i = (sha2_32t)(ctx->count[0] & SHA512_MASK); | 459 | { sha2_32t i = (sha2_32t)(ctx->count[0] & SHA512_MASK); |
460 | 460 | ||
461 | bsw_64(ctx->wbuf, (i + 7) >> 3); | 461 | bsw_64(ctx->wbuf, (i + 7) >> 3); |
462 | 462 | ||
463 | /* bytes in the buffer are now in an order in which references */ | 463 | /* bytes in the buffer are now in an order in which references */ |
464 | /* to 64-bit words will put bytes with lower addresses into the */ | 464 | /* to 64-bit words will put bytes with lower addresses into the */ |
465 | /* top of 64 bit words on BOTH big and little endian machines */ | 465 | /* top of 64 bit words on BOTH big and little endian machines */ |
466 | 466 | ||
467 | /* we now need to mask valid bytes and add the padding which is */ | 467 | /* we now need to mask valid bytes and add the padding which is */ |
468 | /* a single 1 bit and as many zero bits as necessary. */ | 468 | /* a single 1 bit and as many zero bits as necessary. */ |
469 | ctx->wbuf[i >> 3] = (ctx->wbuf[i >> 3] & m2[i & 7]) | b2[i & 7]; | 469 | ctx->wbuf[i >> 3] = (ctx->wbuf[i >> 3] & m2[i & 7]) | b2[i & 7]; |
470 | 470 | ||
471 | /* we need 17 or more empty byte positions, one for the padding */ | 471 | /* we need 17 or more empty byte positions, one for the padding */ |
472 | /* byte (above) and sixteen for the length count. If there is */ | 472 | /* byte (above) and sixteen for the length count. If there is */ |
473 | /* not enough space pad and empty the buffer */ | 473 | /* not enough space pad and empty the buffer */ |
474 | if(i > SHA512_BLOCK_SIZE - 17) | 474 | if(i > SHA512_BLOCK_SIZE - 17) |
475 | { | 475 | { |
476 | if(i < 120) ctx->wbuf[15] = 0; | 476 | if(i < 120) ctx->wbuf[15] = 0; |
477 | sha512_compile(ctx); | 477 | sha512_compile(ctx); |
478 | i = 0; | 478 | i = 0; |
479 | } | 479 | } |
480 | else | 480 | else |
481 | i = (i >> 3) + 1; | 481 | i = (i >> 3) + 1; |
482 | 482 | ||
483 | while(i < 14) | 483 | while(i < 14) |
484 | ctx->wbuf[i++] = 0; | 484 | ctx->wbuf[i++] = 0; |
485 | 485 | ||
486 | /* the following 64-bit length fields are assembled in the */ | 486 | /* the following 64-bit length fields are assembled in the */ |
487 | /* wrong byte order on little endian machines but this is */ | 487 | /* wrong byte order on little endian machines but this is */ |
488 | /* corrected later since they are only ever used as 64-bit */ | 488 | /* corrected later since they are only ever used as 64-bit */ |
489 | /* word values. */ | 489 | /* word values. */ |
490 | 490 | ||
491 | ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 61); | 491 | ctx->wbuf[14] = (ctx->count[1] << 3) | (ctx->count[0] >> 61); |
492 | ctx->wbuf[15] = ctx->count[0] << 3; | 492 | ctx->wbuf[15] = ctx->count[0] << 3; |
493 | 493 | ||
494 | sha512_compile(ctx); | 494 | sha512_compile(ctx); |
495 | 495 | ||
496 | /* extract the hash value as bytes in case the hash buffer is */ | 496 | /* extract the hash value as bytes in case the hash buffer is */ |
497 | /* misaligned for 32-bit words */ | 497 | /* misaligned for 32-bit words */ |
498 | for(i = 0; i < hlen; ++i) | 498 | for(i = 0; i < hlen; ++i) |
499 | hval[i] = (unsigned char)(ctx->hash[i >> 3] >> (8 * (~i & 7))); | 499 | hval[i] = (unsigned char)(ctx->hash[i >> 3] >> (8 * (~i & 7))); |
500 | } | 500 | } |
501 | 501 | ||
502 | #endif | 502 | #endif |
503 | 503 | ||
504 | #if defined(SHA_2) || defined(SHA_384) | 504 | #if defined(SHA_2) || defined(SHA_384) |
505 | 505 | ||
506 | /* SHA384 initialisation data */ | 506 | /* SHA384 initialisation data */ |
507 | 507 | ||
508 | const sha2_64t i384[80] = | 508 | const sha2_64t i384[80] = |
509 | { | 509 | { |
510 | n_u64(cbbb9d5dc1059ed8), n_u64(629a292a367cd507), | 510 | n_u64(cbbb9d5dc1059ed8), n_u64(629a292a367cd507), |
511 | n_u64(9159015a3070dd17), n_u64(152fecd8f70e5939), | 511 | n_u64(9159015a3070dd17), n_u64(152fecd8f70e5939), |
512 | n_u64(67332667ffc00b31), n_u64(8eb44a8768581511), | 512 | n_u64(67332667ffc00b31), n_u64(8eb44a8768581511), |
513 | n_u64(db0c2e0d64f98fa7), n_u64(47b5481dbefa4fa4) | 513 | n_u64(db0c2e0d64f98fa7), n_u64(47b5481dbefa4fa4) |
514 | }; | 514 | }; |
515 | 515 | ||
516 | sha2_void sha384_begin(sha384_ctx ctx[1]) | 516 | sha2_void sha384_begin(sha384_ctx ctx[1]) |
517 | { | 517 | { |
518 | ctx->count[0] = ctx->count[1] = 0; | 518 | ctx->count[0] = ctx->count[1] = 0; |
519 | memcpy(ctx->hash, i384, 8 * sizeof(sha2_64t)); | 519 | memcpy(ctx->hash, i384, 8 * sizeof(sha2_64t)); |
520 | } | 520 | } |
521 | 521 | ||
522 | sha2_void sha384_end(unsigned char hval[], sha384_ctx ctx[1]) | 522 | sha2_void sha384_end(unsigned char hval[], sha384_ctx ctx[1]) |
523 | { | 523 | { |
524 | sha_end(hval, ctx, SHA384_DIGEST_SIZE); | 524 | sha_end(hval, ctx, SHA384_DIGEST_SIZE); |
525 | } | 525 | } |
526 | 526 | ||
527 | sha2_void sha384(unsigned char hval[], const unsigned char data[], unsigned long len) | 527 | sha2_void sha384(unsigned char hval[], const unsigned char data[], unsigned long len) |
528 | { sha384_ctx cx[1]; | 528 | { sha384_ctx cx[1]; |
529 | 529 | ||
530 | sha384_begin(cx); sha384_hash(data, len, cx); sha384_end(hval, cx); | 530 | sha384_begin(cx); sha384_hash(data, len, cx); sha384_end(hval, cx); |
531 | } | 531 | } |
532 | 532 | ||
533 | #endif | 533 | #endif |
534 | 534 | ||
535 | #if defined(SHA_2) || defined(SHA_512) | 535 | #if defined(SHA_2) || defined(SHA_512) |
536 | 536 | ||
537 | /* SHA512 initialisation data */ | 537 | /* SHA512 initialisation data */ |
538 | 538 | ||
539 | const sha2_64t i512[80] = | 539 | const sha2_64t i512[80] = |
540 | { | 540 | { |
541 | n_u64(6a09e667f3bcc908), n_u64(bb67ae8584caa73b), | 541 | n_u64(6a09e667f3bcc908), n_u64(bb67ae8584caa73b), |
542 | n_u64(3c6ef372fe94f82b), n_u64(a54ff53a5f1d36f1), | 542 | n_u64(3c6ef372fe94f82b), n_u64(a54ff53a5f1d36f1), |
543 | n_u64(510e527fade682d1), n_u64(9b05688c2b3e6c1f), | 543 | n_u64(510e527fade682d1), n_u64(9b05688c2b3e6c1f), |
544 | n_u64(1f83d9abfb41bd6b), n_u64(5be0cd19137e2179) | 544 | n_u64(1f83d9abfb41bd6b), n_u64(5be0cd19137e2179) |
545 | }; | 545 | }; |
546 | 546 | ||
547 | sha2_void sha512_begin(sha512_ctx ctx[1]) | 547 | sha2_void sha512_begin(sha512_ctx ctx[1]) |
548 | { | 548 | { |
549 | ctx->count[0] = ctx->count[1] = 0; | 549 | ctx->count[0] = ctx->count[1] = 0; |
550 | memcpy(ctx->hash, i512, 8 * sizeof(sha2_64t)); | 550 | memcpy(ctx->hash, i512, 8 * sizeof(sha2_64t)); |
551 | } | 551 | } |
552 | 552 | ||
553 | sha2_void sha512_end(unsigned char hval[], sha512_ctx ctx[1]) | 553 | sha2_void sha512_end(unsigned char hval[], sha512_ctx ctx[1]) |
554 | { | 554 | { |
555 | sha_end(hval, ctx, SHA512_DIGEST_SIZE); | 555 | sha_end(hval, ctx, SHA512_DIGEST_SIZE); |
556 | } | 556 | } |
557 | 557 | ||
558 | sha2_void sha512(unsigned char hval[], const unsigned char data[], unsigned long len) | 558 | sha2_void sha512(unsigned char hval[], const unsigned char data[], unsigned long len) |
559 | { sha512_ctx cx[1]; | 559 | { sha512_ctx cx[1]; |
560 | 560 | ||
561 | sha512_begin(cx); sha512_hash(data, len, cx); sha512_end(hval, cx); | 561 | sha512_begin(cx); sha512_hash(data, len, cx); sha512_end(hval, cx); |
562 | } | 562 | } |
563 | 563 | ||
564 | #endif | 564 | #endif |
565 | 565 | ||
566 | #if defined(SHA_2) | 566 | #if defined(SHA_2) |
567 | 567 | ||
568 | #define CTX_256(x) ((x)->uu->ctx256) | 568 | #define CTX_256(x) ((x)->uu->ctx256) |
569 | #define CTX_384(x) ((x)->uu->ctx512) | 569 | #define CTX_384(x) ((x)->uu->ctx512) |
570 | #define CTX_512(x) ((x)->uu->ctx512) | 570 | #define CTX_512(x) ((x)->uu->ctx512) |
571 | 571 | ||
572 | /* SHA2 initialisation */ | 572 | /* SHA2 initialisation */ |
573 | 573 | ||
574 | sha2_int sha2_begin(unsigned long len, sha2_ctx ctx[1]) | 574 | sha2_int sha2_begin(unsigned long len, sha2_ctx ctx[1]) |
575 | { unsigned long l = len; | 575 | { unsigned long l = len; |
576 | switch(len) | 576 | switch(len) |
577 | { | 577 | { |
578 | case 256: l = len >> 3; | 578 | case 256: l = len >> 3; |
579 | case 32: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0; | 579 | case 32: CTX_256(ctx)->count[0] = CTX_256(ctx)->count[1] = 0; |
580 | memcpy(CTX_256(ctx)->hash, i256, 32); break; | 580 | memcpy(CTX_256(ctx)->hash, i256, 32); break; |
581 | case 384: l = len >> 3; | 581 | case 384: l = len >> 3; |
582 | case 48: CTX_384(ctx)->count[0] = CTX_384(ctx)->count[1] = 0; | 582 | case 48: CTX_384(ctx)->count[0] = CTX_384(ctx)->count[1] = 0; |
583 | memcpy(CTX_384(ctx)->hash, i384, 64); break; | 583 | memcpy(CTX_384(ctx)->hash, i384, 64); break; |
584 | case 512: l = len >> 3; | 584 | case 512: l = len >> 3; |
585 | case 64: CTX_512(ctx)->count[0] = CTX_512(ctx)->count[1] = 0; | 585 | case 64: CTX_512(ctx)->count[0] = CTX_512(ctx)->count[1] = 0; |
586 | memcpy(CTX_512(ctx)->hash, i512, 64); break; | 586 | memcpy(CTX_512(ctx)->hash, i512, 64); break; |
587 | default: return SHA2_BAD; | 587 | default: return SHA2_BAD; |
588 | } | 588 | } |
589 | 589 | ||
590 | ctx->sha2_len = l; return SHA2_GOOD; | 590 | ctx->sha2_len = l; return SHA2_GOOD; |
591 | } | 591 | } |
592 | 592 | ||
593 | sha2_void sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]) | 593 | sha2_void sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]) |
594 | { | 594 | { |
595 | switch(ctx->sha2_len) | 595 | switch(ctx->sha2_len) |
596 | { | 596 | { |
597 | case 32: sha256_hash(data, len, CTX_256(ctx)); return; | 597 | case 32: sha256_hash(data, len, CTX_256(ctx)); return; |
598 | case 48: sha384_hash(data, len, CTX_384(ctx)); return; | 598 | case 48: sha384_hash(data, len, CTX_384(ctx)); return; |
599 | case 64: sha512_hash(data, len, CTX_512(ctx)); return; | 599 | case 64: sha512_hash(data, len, CTX_512(ctx)); return; |
600 | } | 600 | } |
601 | } | 601 | } |
602 | 602 | ||
603 | sha2_void sha2_end(unsigned char hval[], sha2_ctx ctx[1]) | 603 | sha2_void sha2_end(unsigned char hval[], sha2_ctx ctx[1]) |
604 | { | 604 | { |
605 | switch(ctx->sha2_len) | 605 | switch(ctx->sha2_len) |
606 | { | 606 | { |
607 | case 32: sha256_end(hval, CTX_256(ctx)); return; | 607 | case 32: sha256_end(hval, CTX_256(ctx)); return; |
608 | case 48: sha_end(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return; | 608 | case 48: sha_end(hval, CTX_384(ctx), SHA384_DIGEST_SIZE); return; |
609 | case 64: sha_end(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return; | 609 | case 64: sha_end(hval, CTX_512(ctx), SHA512_DIGEST_SIZE); return; |
610 | } | 610 | } |
611 | } | 611 | } |
612 | 612 | ||
613 | sha2_int sha2(unsigned char hval[], unsigned long size, | 613 | sha2_int sha2(unsigned char hval[], unsigned long size, |
614 | const unsigned char data[], unsigned long len) | 614 | const unsigned char data[], unsigned long len) |
615 | { sha2_ctx cx[1]; | 615 | { sha2_ctx cx[1]; |
616 | 616 | ||
617 | if(sha2_begin(size, cx) == SHA2_GOOD) | 617 | if(sha2_begin(size, cx) == SHA2_GOOD) |
618 | { | 618 | { |
619 | sha2_hash(data, len, cx); sha2_end(hval, cx); return SHA2_GOOD; | 619 | sha2_hash(data, len, cx); sha2_end(hval, cx); return SHA2_GOOD; |
620 | } | 620 | } |
621 | else | 621 | else |
622 | return SHA2_BAD; | 622 | return SHA2_BAD; |
623 | } | 623 | } |
624 | 624 | ||
625 | #endif | 625 | #endif |
626 | 626 | ||