Annotation of embedaddon/sudo/plugins/sudoers/sha2.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 2013 Todd C. Miller <Todd.Miller@courtesan.com>
! 3: *
! 4: * Permission to use, copy, modify, and distribute this software for any
! 5: * purpose with or without fee is hereby granted, provided that the above
! 6: * copyright notice and this permission notice appear in all copies.
! 7: *
! 8: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 9: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 10: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 11: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 12: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 13: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 14: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 15: */
! 16:
! 17: /*
! 18: * Implementation of SHA-224, SHA-256, SHA-384 and SHA-512
! 19: * as per FIPS 180-4: Secure Hash Standard (SHS)
! 20: * http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf
! 21: *
! 22: * Derived from the public domain SHA-1 and SHA-2 implementations
! 23: * by Steve Reid and Wei Dai respectively.
! 24: */
! 25:
! 26: #include <config.h>
! 27:
! 28: #include <stdio.h>
! 29: #ifdef STDC_HEADERS
! 30: # include <stdlib.h>
! 31: # include <stddef.h>
! 32: #else
! 33: # ifdef HAVE_STDLIB_H
! 34: # include <stdlib.h>
! 35: # endif
! 36: #endif /* STDC_HEADERS */
! 37: #ifdef HAVE_STRING_H
! 38: # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
! 39: # include <memory.h>
! 40: # endif
! 41: # include <string.h>
! 42: #endif /* HAVE_STRING_H */
! 43: #ifdef HAVE_STRINGS_H
! 44: # include <strings.h>
! 45: #endif /* HAVE_STRINGS_H */
! 46: #if defined(HAVE_STDINT_H)
! 47: # include <stdint.h>
! 48: #elif defined(HAVE_INTTYPES_H)
! 49: # include <inttypes.h>
! 50: #endif
! 51: #if defined(HAVE_ENDIAN_H)
! 52: # include <endian.h>
! 53: #elif defined(HAVE_SYS_ENDIAN_H)
! 54: # include <sys/endian.h>
! 55: #elif defined(HAVE_MACHINE_ENDIAN_H)
! 56: # include <machine/endian.h>
! 57: #else
! 58: # include "compat/endian.h"
! 59: #endif
! 60:
! 61: #include "sha2.h"
! 62:
! 63: /*
! 64: * SHA-2 operates on 32-bit and 64-bit words in big endian byte order.
! 65: * The following macros convert between character arrays and big endian words.
! 66: */
! 67: #define BE8TO32(x, y) do { \
! 68: (x) = (((uint32_t)((y)[0] & 255) << 24) | \
! 69: ((uint32_t)((y)[1] & 255) << 16) | \
! 70: ((uint32_t)((y)[2] & 255) << 8) | \
! 71: ((uint32_t)((y)[3] & 255))); \
! 72: } while (0)
! 73:
! 74: #define BE8TO64(x, y) do { \
! 75: (x) = (((uint64_t)((y)[0] & 255) << 56) | \
! 76: ((uint64_t)((y)[1] & 255) << 48) | \
! 77: ((uint64_t)((y)[2] & 255) << 40) | \
! 78: ((uint64_t)((y)[3] & 255) << 32) | \
! 79: ((uint64_t)((y)[4] & 255) << 24) | \
! 80: ((uint64_t)((y)[5] & 255) << 16) | \
! 81: ((uint64_t)((y)[6] & 255) << 8) | \
! 82: ((uint64_t)((y)[7] & 255))); \
! 83: } while (0)
! 84:
! 85: #define BE32TO8(x, y) do { \
! 86: (x)[0] = (uint8_t)(((y) >> 24) & 255); \
! 87: (x)[1] = (uint8_t)(((y) >> 16) & 255); \
! 88: (x)[2] = (uint8_t)(((y) >> 8) & 255); \
! 89: (x)[3] = (uint8_t)((y) & 255); \
! 90: } while (0)
! 91:
! 92: #define BE64TO8(x, y) do { \
! 93: (x)[0] = (uint8_t)(((y) >> 56) & 255); \
! 94: (x)[1] = (uint8_t)(((y) >> 48) & 255); \
! 95: (x)[2] = (uint8_t)(((y) >> 40) & 255); \
! 96: (x)[3] = (uint8_t)(((y) >> 32) & 255); \
! 97: (x)[4] = (uint8_t)(((y) >> 24) & 255); \
! 98: (x)[5] = (uint8_t)(((y) >> 16) & 255); \
! 99: (x)[6] = (uint8_t)(((y) >> 8) & 255); \
! 100: (x)[7] = (uint8_t)((y) & 255); \
! 101: } while (0)
! 102:
! 103: #define rotrFixed(x,y) (y ? ((x>>y) | (x<<(sizeof(x)*8-y))) : x)
! 104:
! 105: #define blk0(i) (W[i])
! 106: #define blk2(i) (W[i&15]+=s1(W[(i-2)&15])+W[(i-7)&15]+s0(W[(i-15)&15]))
! 107:
! 108: #define Ch(x,y,z) (z^(x&(y^z)))
! 109: #define Maj(x,y,z) (y^((x^y)&(y^z)))
! 110:
! 111: #define a(i) T[(0-i)&7]
! 112: #define b(i) T[(1-i)&7]
! 113: #define c(i) T[(2-i)&7]
! 114: #define d(i) T[(3-i)&7]
! 115: #define e(i) T[(4-i)&7]
! 116: #define f(i) T[(5-i)&7]
! 117: #define g(i) T[(6-i)&7]
! 118: #define h(i) T[(7-i)&7]
! 119:
! 120: extern void zero_bytes(volatile void *, size_t);
! 121:
! 122: void
! 123: SHA224Init(SHA2_CTX *ctx)
! 124: {
! 125: memset(ctx, 0, sizeof(*ctx));
! 126: ctx->state.st32[0] = 0xc1059ed8UL;
! 127: ctx->state.st32[1] = 0x367cd507UL;
! 128: ctx->state.st32[2] = 0x3070dd17UL;
! 129: ctx->state.st32[3] = 0xf70e5939UL;
! 130: ctx->state.st32[4] = 0xffc00b31UL;
! 131: ctx->state.st32[5] = 0x68581511UL;
! 132: ctx->state.st32[6] = 0x64f98fa7UL;
! 133: ctx->state.st32[7] = 0xbefa4fa4UL;
! 134: }
! 135:
! 136: void
! 137: SHA224Transform(uint32_t state[8], const uint8_t buffer[SHA224_BLOCK_LENGTH])
! 138: {
! 139: SHA256Transform(state, buffer);
! 140: }
! 141:
! 142: void
! 143: SHA224Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
! 144: {
! 145: SHA256Update(ctx, data, len);
! 146: }
! 147:
! 148: void
! 149: SHA224Pad(SHA2_CTX *ctx)
! 150: {
! 151: SHA256Pad(ctx);
! 152: }
! 153:
! 154: void
! 155: SHA224Final(uint8_t digest[SHA224_DIGEST_LENGTH], SHA2_CTX *ctx)
! 156: {
! 157: SHA256Pad(ctx);
! 158: if (digest != NULL) {
! 159: #if BYTE_ORDER == BIG_ENDIAN
! 160: memcpy(digest, ctx->state.st32, SHA224_DIGEST_LENGTH);
! 161: #else
! 162: unsigned int i;
! 163:
! 164: for (i = 0; i < 7; i++)
! 165: BE32TO8(digest + (i * 4), ctx->state.st32[i]);
! 166: #endif
! 167: memset(ctx, 0, sizeof(*ctx));
! 168: }
! 169: }
! 170:
! 171: static const uint32_t SHA256_K[64] = {
! 172: 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
! 173: 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
! 174: 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
! 175: 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
! 176: 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
! 177: 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
! 178: 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
! 179: 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
! 180: 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
! 181: 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
! 182: 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
! 183: 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
! 184: 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
! 185: 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
! 186: 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
! 187: 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
! 188: };
! 189:
! 190: void
! 191: SHA256Init(SHA2_CTX *ctx)
! 192: {
! 193: memset(ctx, 0, sizeof(*ctx));
! 194: ctx->state.st32[0] = 0x6a09e667UL;
! 195: ctx->state.st32[1] = 0xbb67ae85UL;
! 196: ctx->state.st32[2] = 0x3c6ef372UL;
! 197: ctx->state.st32[3] = 0xa54ff53aUL;
! 198: ctx->state.st32[4] = 0x510e527fUL;
! 199: ctx->state.st32[5] = 0x9b05688cUL;
! 200: ctx->state.st32[6] = 0x1f83d9abUL;
! 201: ctx->state.st32[7] = 0x5be0cd19UL;
! 202: }
! 203:
! 204: /* Round macros for SHA256 */
! 205: #define R(i) do { \
! 206: h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA256_K[i+j]+(j?blk2(i):blk0(i)); \
! 207: d(i)+=h(i); \
! 208: h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \
! 209: } while (0)
! 210:
! 211: #define S0(x) (rotrFixed(x,2)^rotrFixed(x,13)^rotrFixed(x,22))
! 212: #define S1(x) (rotrFixed(x,6)^rotrFixed(x,11)^rotrFixed(x,25))
! 213: #define s0(x) (rotrFixed(x,7)^rotrFixed(x,18)^(x>>3))
! 214: #define s1(x) (rotrFixed(x,17)^rotrFixed(x,19)^(x>>10))
! 215:
! 216: void
! 217: SHA256Transform(uint32_t state[8], const uint8_t data[SHA256_BLOCK_LENGTH])
! 218: {
! 219: uint32_t W[16];
! 220: uint32_t T[8];
! 221: unsigned int j;
! 222:
! 223: /* Copy context state to working vars. */
! 224: memcpy(T, state, sizeof(T));
! 225: /* Copy data to W in big endian format. */
! 226: #if BYTE_ORDER == BIG_ENDIAN
! 227: memcpy(W, data, sizeof(W));
! 228: #else
! 229: for (j = 0; j < 16; j++) {
! 230: BE8TO32(W[j], data);
! 231: data += 4;
! 232: }
! 233: #endif
! 234: /* 64 operations, partially loop unrolled. */
! 235: for (j = 0; j < 64; j += 16)
! 236: {
! 237: R( 0); R( 1); R( 2); R( 3);
! 238: R( 4); R( 5); R( 6); R( 7);
! 239: R( 8); R( 9); R(10); R(11);
! 240: R(12); R(13); R(14); R(15);
! 241: }
! 242: /* Add the working vars back into context state. */
! 243: state[0] += a(0);
! 244: state[1] += b(0);
! 245: state[2] += c(0);
! 246: state[3] += d(0);
! 247: state[4] += e(0);
! 248: state[5] += f(0);
! 249: state[6] += g(0);
! 250: state[7] += h(0);
! 251: /* Cleanup */
! 252: zero_bytes(T, sizeof(T));
! 253: zero_bytes(W, sizeof(W));
! 254: }
! 255:
! 256: #undef S0
! 257: #undef S1
! 258: #undef s0
! 259: #undef s1
! 260: #undef R
! 261:
! 262: void
! 263: SHA256Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
! 264: {
! 265: size_t i = 0, j;
! 266:
! 267: j = (size_t)((ctx->count[0] >> 3) & (SHA256_BLOCK_LENGTH - 1));
! 268: ctx->count[0] += (len << 3);
! 269: if ((j + len) > SHA256_BLOCK_LENGTH - 1) {
! 270: memcpy(&ctx->buffer[j], data, (i = SHA256_BLOCK_LENGTH - j));
! 271: SHA256Transform(ctx->state.st32, ctx->buffer);
! 272: for ( ; i + SHA256_BLOCK_LENGTH - 1 < len; i += SHA256_BLOCK_LENGTH)
! 273: SHA256Transform(ctx->state.st32, (uint8_t *)&data[i]);
! 274: j = 0;
! 275: }
! 276: memcpy(&ctx->buffer[j], &data[i], len - i);
! 277: }
! 278:
! 279: void
! 280: SHA256Pad(SHA2_CTX *ctx)
! 281: {
! 282: uint8_t finalcount[8];
! 283:
! 284: /* Store unpadded message length in bits in big endian format. */
! 285: BE64TO8(finalcount, ctx->count[0]);
! 286:
! 287: /* Append a '1' bit (0x80) to the message. */
! 288: SHA256Update(ctx, (uint8_t *)"\200", 1);
! 289:
! 290: /* Pad message such that the resulting length modulo 512 is 448. */
! 291: while ((ctx->count[0] & 504) != 448)
! 292: SHA256Update(ctx, (uint8_t *)"\0", 1);
! 293:
! 294: /* Append length of message in bits and do final SHA256Transform(). */
! 295: SHA256Update(ctx, finalcount, sizeof(finalcount));
! 296: }
! 297:
! 298: void
! 299: SHA256Final(uint8_t digest[SHA256_DIGEST_LENGTH], SHA2_CTX *ctx)
! 300: {
! 301: SHA256Pad(ctx);
! 302: if (digest != NULL) {
! 303: #if BYTE_ORDER == BIG_ENDIAN
! 304: memcpy(digest, ctx->state.st32, SHA256_DIGEST_LENGTH);
! 305: #else
! 306: unsigned int i;
! 307:
! 308: for (i = 0; i < 8; i++)
! 309: BE32TO8(digest + (i * 4), ctx->state.st32[i]);
! 310: #endif
! 311: memset(ctx, 0, sizeof(*ctx));
! 312: }
! 313: }
! 314:
! 315: void
! 316: SHA384Init(SHA2_CTX *ctx)
! 317: {
! 318: memset(ctx, 0, sizeof(*ctx));
! 319: ctx->state.st64[0] = 0xcbbb9d5dc1059ed8ULL;
! 320: ctx->state.st64[1] = 0x629a292a367cd507ULL;
! 321: ctx->state.st64[2] = 0x9159015a3070dd17ULL;
! 322: ctx->state.st64[3] = 0x152fecd8f70e5939ULL;
! 323: ctx->state.st64[4] = 0x67332667ffc00b31ULL;
! 324: ctx->state.st64[5] = 0x8eb44a8768581511ULL;
! 325: ctx->state.st64[6] = 0xdb0c2e0d64f98fa7ULL;
! 326: ctx->state.st64[7] = 0x47b5481dbefa4fa4ULL;
! 327: }
! 328:
! 329: void
! 330: SHA384Transform(uint64_t state[8], const uint8_t data[SHA384_BLOCK_LENGTH])
! 331: {
! 332: SHA512Transform(state, data);
! 333: }
! 334:
! 335: void
! 336: SHA384Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
! 337: {
! 338: SHA512Update(ctx, data, len);
! 339: }
! 340:
! 341: void
! 342: SHA384Pad(SHA2_CTX *ctx)
! 343: {
! 344: SHA512Pad(ctx);
! 345: }
! 346:
! 347: void
! 348: SHA384Final(uint8_t digest[SHA384_DIGEST_LENGTH], SHA2_CTX *ctx)
! 349: {
! 350: SHA384Pad(ctx);
! 351: if (digest != NULL) {
! 352: #if BYTE_ORDER == BIG_ENDIAN
! 353: memcpy(digest, ctx->state.st64, SHA384_DIGEST_LENGTH);
! 354: #else
! 355: unsigned int i;
! 356:
! 357: for (i = 0; i < 6; i++)
! 358: BE64TO8(digest + (i * 8), ctx->state.st64[i]);
! 359: #endif
! 360: memset(ctx, 0, sizeof(*ctx));
! 361: }
! 362: }
! 363:
! 364: static const uint64_t SHA512_K[80] = {
! 365: 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
! 366: 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
! 367: 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
! 368: 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
! 369: 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
! 370: 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
! 371: 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
! 372: 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
! 373: 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
! 374: 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
! 375: 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
! 376: 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
! 377: 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
! 378: 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
! 379: 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
! 380: 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
! 381: 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
! 382: 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
! 383: 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
! 384: 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
! 385: 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
! 386: 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
! 387: 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
! 388: 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
! 389: 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
! 390: 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
! 391: 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
! 392: 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
! 393: 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
! 394: 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
! 395: 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
! 396: 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
! 397: 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
! 398: 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
! 399: 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
! 400: 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
! 401: 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
! 402: 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
! 403: 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
! 404: 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
! 405: };
! 406:
! 407: void
! 408: SHA512Init(SHA2_CTX *ctx)
! 409: {
! 410: memset(ctx, 0, sizeof(*ctx));
! 411: ctx->state.st64[0] = 0x6a09e667f3bcc908ULL;
! 412: ctx->state.st64[1] = 0xbb67ae8584caa73bULL;
! 413: ctx->state.st64[2] = 0x3c6ef372fe94f82bULL;
! 414: ctx->state.st64[3] = 0xa54ff53a5f1d36f1ULL;
! 415: ctx->state.st64[4] = 0x510e527fade682d1ULL;
! 416: ctx->state.st64[5] = 0x9b05688c2b3e6c1fULL;
! 417: ctx->state.st64[6] = 0x1f83d9abfb41bd6bULL;
! 418: ctx->state.st64[7] = 0x5be0cd19137e2179ULL;
! 419: }
! 420:
! 421: /* Round macros for SHA512 */
! 422: #define R(i) do { \
! 423: h(i)+=S1(e(i))+Ch(e(i),f(i),g(i))+SHA512_K[i+j]+(j?blk2(i):blk0(i)); \
! 424: d(i)+=h(i); \
! 425: h(i)+=S0(a(i))+Maj(a(i),b(i),c(i)); \
! 426: } while (0)
! 427:
! 428: #define S0(x) (rotrFixed(x,28)^rotrFixed(x,34)^rotrFixed(x,39))
! 429: #define S1(x) (rotrFixed(x,14)^rotrFixed(x,18)^rotrFixed(x,41))
! 430: #define s0(x) (rotrFixed(x,1)^rotrFixed(x,8)^(x>>7))
! 431: #define s1(x) (rotrFixed(x,19)^rotrFixed(x,61)^(x>>6))
! 432:
! 433: void
! 434: SHA512Transform(uint64_t state[8], const uint8_t data[SHA512_BLOCK_LENGTH])
! 435: {
! 436: uint64_t W[16];
! 437: uint64_t T[8];
! 438: unsigned int j;
! 439:
! 440: /* Copy context state to working vars. */
! 441: memcpy(T, state, sizeof(T));
! 442: /* Copy data to W in big endian format. */
! 443: #if BYTE_ORDER == BIG_ENDIAN
! 444: memcpy(W, data, sizeof(W));
! 445: #else
! 446: for (j = 0; j < 16; j++) {
! 447: BE8TO64(W[j], data);
! 448: data += 8;
! 449: }
! 450: #endif
! 451: /* 80 operations, partially loop unrolled. */
! 452: for (j = 0; j < 80; j += 16)
! 453: {
! 454: R( 0); R( 1); R( 2); R( 3);
! 455: R( 4); R( 5); R( 6); R( 7);
! 456: R( 8); R( 9); R(10); R(11);
! 457: R(12); R(13); R(14); R(15);
! 458: }
! 459: /* Add the working vars back into context state. */
! 460: state[0] += a(0);
! 461: state[1] += b(0);
! 462: state[2] += c(0);
! 463: state[3] += d(0);
! 464: state[4] += e(0);
! 465: state[5] += f(0);
! 466: state[6] += g(0);
! 467: state[7] += h(0);
! 468: /* Cleanup. */
! 469: zero_bytes(T, sizeof(T));
! 470: zero_bytes(W, sizeof(W));
! 471: }
! 472:
! 473: void
! 474: SHA512Update(SHA2_CTX *ctx, const uint8_t *data, size_t len)
! 475: {
! 476: size_t i = 0, j;
! 477:
! 478: j = (size_t)((ctx->count[0] >> 3) & (SHA512_BLOCK_LENGTH - 1));
! 479: ctx->count[0] += (len << 3);
! 480: if (ctx->count[0] < (len << 3))
! 481: ctx->count[1]++;
! 482: if ((j + len) > SHA512_BLOCK_LENGTH - 1) {
! 483: memcpy(&ctx->buffer[j], data, (i = SHA512_BLOCK_LENGTH - j));
! 484: SHA512Transform(ctx->state.st64, ctx->buffer);
! 485: for ( ; i + SHA512_BLOCK_LENGTH - 1 < len; i += SHA512_BLOCK_LENGTH)
! 486: SHA512Transform(ctx->state.st64, (uint8_t *)&data[i]);
! 487: j = 0;
! 488: }
! 489: memcpy(&ctx->buffer[j], &data[i], len - i);
! 490: }
! 491:
! 492: void
! 493: SHA512Pad(SHA2_CTX *ctx)
! 494: {
! 495: uint8_t finalcount[16];
! 496:
! 497: /* Store unpadded message length in bits in big endian format. */
! 498: BE64TO8(finalcount, ctx->count[1]);
! 499: BE64TO8(finalcount + 8, ctx->count[0]);
! 500:
! 501: /* Append a '1' bit (0x80) to the message. */
! 502: SHA512Update(ctx, (uint8_t *)"\200", 1);
! 503:
! 504: /* Pad message such that the resulting length modulo 1024 is 896. */
! 505: while ((ctx->count[0] & 1008) != 896)
! 506: SHA512Update(ctx, (uint8_t *)"\0", 1);
! 507:
! 508: /* Append length of message in bits and do final SHA512Transform(). */
! 509: SHA512Update(ctx, finalcount, sizeof(finalcount));
! 510: }
! 511:
! 512: void
! 513: SHA512Final(uint8_t digest[SHA512_DIGEST_LENGTH], SHA2_CTX *ctx)
! 514: {
! 515: SHA512Pad(ctx);
! 516: if (digest != NULL) {
! 517: #if BYTE_ORDER == BIG_ENDIAN
! 518: memcpy(digest, ctx->state.st64, SHA512_DIGEST_LENGTH);
! 519: #else
! 520: unsigned int i;
! 521:
! 522: for (i = 0; i < 8; i++)
! 523: BE64TO8(digest + (i * 8), ctx->state.st64[i]);
! 524: #endif
! 525: memset(ctx, 0, sizeof(*ctx));
! 526: }
! 527: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>