1 /*
2 * FIPS 180-2 SHA-224/256/384/512 implementation
3 * Last update: 02/02/2007
4 * Issue date: 04/30/2005
5 *
6 * Copyright (C) 2005, 2007 Olivier Gay <olivier.gay@a3.epfl.ch>
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "lib.h"
35 #include "sha2.h"
36
37 #define SHFR(x, n) (x >> n)
38 #define ROTR(x, n) ((x >> n) | (x << ((sizeof(x) << 3) - n)))
39 #define ROTL(x, n) ((x << n) | (x >> ((sizeof(x) << 3) - n)))
40 #define CH(x, y, z) ((x & y) ^ (~x & z))
41 #define MAJ(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
42
43 #define SHA256_F1(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
44 #define SHA256_F2(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
45 #define SHA256_F3(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHFR(x, 3))
46 #define SHA256_F4(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHFR(x, 10))
47
48 #define SHA384_F1(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
49 #define SHA384_F2(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
50 #define SHA384_F3(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHFR(x, 7))
51 #define SHA384_F4(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHFR(x, 6))
52
53 #define SHA512_F1(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39))
54 #define SHA512_F2(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41))
55 #define SHA512_F3(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHFR(x, 7))
56 #define SHA512_F4(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHFR(x, 6))
57
58 #define UNPACK32(x, str) \
59 { \
60 *((str) + 3) = (uint8_t) ((x) ); \
61 *((str) + 2) = (uint8_t) ((x) >> 8); \
62 *((str) + 1) = (uint8_t) ((x) >> 16); \
63 *((str) + 0) = (uint8_t) ((x) >> 24); \
64 }
65
66 #define PACK32(str, x) \
67 { \
68 *(x) = ((uint32_t) *((str) + 3) ) \
69 | ((uint32_t) *((str) + 2) << 8) \
70 | ((uint32_t) *((str) + 1) << 16) \
71 | ((uint32_t) *((str) + 0) << 24); \
72 }
73
74 #define UNPACK64(x, str) \
75 { \
76 *((str) + 7) = (uint8_t) ((x) ); \
77 *((str) + 6) = (uint8_t) ((x) >> 8); \
78 *((str) + 5) = (uint8_t) ((x) >> 16); \
79 *((str) + 4) = (uint8_t) ((x) >> 24); \
80 *((str) + 3) = (uint8_t) ((x) >> 32); \
81 *((str) + 2) = (uint8_t) ((x) >> 40); \
82 *((str) + 1) = (uint8_t) ((x) >> 48); \
83 *((str) + 0) = (uint8_t) ((x) >> 56); \
84 }
85
86 #define PACK64(str, x) \
87 { \
88 *(x) = ((uint64_t) *((str) + 7) ) \
89 | ((uint64_t) *((str) + 6) << 8) \
90 | ((uint64_t) *((str) + 5) << 16) \
91 | ((uint64_t) *((str) + 4) << 24) \
92 | ((uint64_t) *((str) + 3) << 32) \
93 | ((uint64_t) *((str) + 2) << 40) \
94 | ((uint64_t) *((str) + 1) << 48) \
95 | ((uint64_t) *((str) + 0) << 56); \
96 }
97
98 #define SHA256_SCR(i) \
99 { \
100 w[i] = SHA256_F4(w[i - 2]) + w[i - 7] \
101 + SHA256_F3(w[i - 15]) + w[i - 16]; \
102 }
103
104 #define SHA384_SCR(i) \
105 { \
106 w[i] = SHA512_F4(w[i - 2]) + w[i - 7] \
107 + SHA512_F3(w[i - 15]) + w[i - 16]; \
108 }
109
110 #define SHA512_SCR(i) \
111 { \
112 w[i] = SHA512_F4(w[i - 2]) + w[i - 7] \
113 + SHA512_F3(w[i - 15]) + w[i - 16]; \
114 }
115
116 static const uint32_t sha256_h0[8] =
117 {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
118 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
119
120 static const uint64_t sha384_h0[8] =
121 {0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL,
122 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL,
123 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL,
124 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL};
125
126 static const uint64_t sha512_h0[8] =
127 {0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
128 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
129 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
130 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL};
131
132 static const uint32_t sha256_k[64] =
133 {0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
134 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
135 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
136 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
137 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
138 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
139 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
140 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
141 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
142 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
143 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
144 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
145 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
146 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
147 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
148 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
149
150 static const uint64_t sha512_k[80] =
151 {0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
152 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
153 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
154 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
155 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
156 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
157 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
158 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
159 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
160 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
161 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
162 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
163 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
164 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
165 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
166 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
167 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
168 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
169 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
170 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
171 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
172 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
173 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
174 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
175 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
176 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
177 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
178 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
179 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
180 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
181 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
182 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
183 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
184 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
185 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
186 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
187 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
188 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
189 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
190 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL};
191
192
193 /* SHA-256 functions */
194
195 static void ATTR_UNSIGNED_WRAPS
sha256_transf(struct sha256_ctx * ctx,const unsigned char * data,size_t block_nb)196 sha256_transf(struct sha256_ctx *ctx, const unsigned char *data,
197 size_t block_nb)
198 {
199 uint32_t w[64];
200 uint32_t wv[8];
201 uint32_t t1, t2;
202 const unsigned char *sub_block;
203 int i,j;
204
205
206 for (i = 0; i < (int) block_nb; i++) {
207 sub_block = data + (i << 6);
208
209 for (j = 0; j < 16; j++) {
210 PACK32(&sub_block[j << 2], &w[j]);
211 }
212
213 for (j = 16; j < 64; j++) {
214 SHA256_SCR(j);
215 }
216
217 for (j = 0; j < 8; j++) {
218 wv[j] = ctx->h[j];
219 }
220
221 for (j = 0; j < 64; j++) {
222 t1 = wv[7] + SHA256_F2(wv[4]) + CH(wv[4], wv[5], wv[6])
223 + sha256_k[j] + w[j];
224 t2 = SHA256_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
225 wv[7] = wv[6];
226 wv[6] = wv[5];
227 wv[5] = wv[4];
228 wv[4] = wv[3] + t1;
229 wv[3] = wv[2];
230 wv[2] = wv[1];
231 wv[1] = wv[0];
232 wv[0] = t1 + t2;
233 }
234
235 for (j = 0; j < 8; j++) {
236 ctx->h[j] += wv[j];
237 }
238 }
239 }
240
sha256_init(struct sha256_ctx * ctx)241 void sha256_init(struct sha256_ctx *ctx)
242 {
243 int i;
244
245 for (i = 0; i < 8; i++) {
246 ctx->h[i] = sha256_h0[i];
247 }
248
249 ctx->len = 0;
250 ctx->tot_len = 0;
251 }
252
sha256_loop(struct sha256_ctx * ctx,const void * data,size_t len)253 void sha256_loop(struct sha256_ctx *ctx, const void *data,
254 size_t len)
255 {
256 const unsigned char *shifted_message;
257 size_t block_nb;
258 size_t new_len, rem_len, tmp_len;
259
260 tmp_len = SHA256_BLOCK_SIZE - ctx->len;
261 rem_len = len < tmp_len ? len : tmp_len;
262
263 memcpy(&ctx->block[ctx->len], data, rem_len);
264
265 if (ctx->len + len < SHA256_BLOCK_SIZE) {
266 ctx->len += len;
267 return;
268 }
269
270 new_len = len - rem_len;
271 block_nb = new_len / SHA256_BLOCK_SIZE;
272
273 shifted_message = CONST_PTR_OFFSET(data, rem_len);
274
275 sha256_transf(ctx, ctx->block, 1);
276 sha256_transf(ctx, shifted_message, block_nb);
277
278 rem_len = new_len % SHA256_BLOCK_SIZE;
279 memcpy(ctx->block, &shifted_message[block_nb << 6], rem_len);
280
281 ctx->len = rem_len;
282 ctx->tot_len += (block_nb + 1) << 6;
283 }
284
sha256_result(struct sha256_ctx * ctx,unsigned char digest[STATIC_ARRAY SHA256_RESULTLEN])285 void sha256_result(struct sha256_ctx *ctx,
286 unsigned char digest[STATIC_ARRAY SHA256_RESULTLEN])
287 {
288 size_t block_nb;
289 size_t pm_len;
290 size_t len_b;
291 int i;
292
293 block_nb = (1 + ((SHA256_BLOCK_SIZE - 9)
294 < (ctx->len % SHA256_BLOCK_SIZE)));
295
296 len_b = (ctx->tot_len + ctx->len) << 3;
297 pm_len = block_nb << 6;
298
299 memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
300 ctx->block[ctx->len] = 0x80;
301 UNPACK32(len_b, ctx->block + pm_len - 4);
302
303 sha256_transf(ctx, ctx->block, block_nb);
304
305 for (i = 0 ; i < 8; i++) {
306 UNPACK32(ctx->h[i], &digest[i << 2]);
307 }
308 }
309
sha256_get_digest(const void * data,size_t size,unsigned char digest[STATIC_ARRAY SHA256_RESULTLEN])310 void sha256_get_digest(const void *data, size_t size,
311 unsigned char digest[STATIC_ARRAY SHA256_RESULTLEN])
312 {
313 struct sha256_ctx ctx;
314
315 sha256_init(&ctx);
316 sha256_loop(&ctx, data, size);
317 sha256_result(&ctx, digest);
318 }
319
320 /* SHA-384 functions */
321
322 static void ATTR_UNSIGNED_WRAPS
sha384_transf(struct sha384_ctx * ctx,const unsigned char * data,size_t block_nb)323 sha384_transf(struct sha384_ctx *ctx, const unsigned char *data,
324 size_t block_nb)
325 {
326 uint64_t w[80];
327 uint64_t wv[8];
328 uint64_t t1, t2;
329 const unsigned char *sub_block;
330 int i, j;
331
332 for (i = 0; i < (int) block_nb; i++) {
333 sub_block = data + (i << 7);
334
335 for (j = 0; j < 16; j++) {
336 PACK64(&sub_block[j << 3], &w[j]);
337 }
338
339 for (j = 16; j < 80; j++) {
340 SHA384_SCR(j);
341 }
342
343 for (j = 0; j < 8; j++) {
344 wv[j] = ctx->h[j];
345 }
346
347 for (j = 0; j < 80; j++) {
348 /* sha384_k is same as sha512_k */
349 t1 = wv[7] + SHA384_F2(wv[4]) + CH(wv[4], wv[5], wv[6])
350 + sha512_k[j] + w[j];
351 t2 = SHA384_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
352 wv[7] = wv[6];
353 wv[6] = wv[5];
354 wv[5] = wv[4];
355 wv[4] = wv[3] + t1;
356 wv[3] = wv[2];
357 wv[2] = wv[1];
358 wv[1] = wv[0];
359 wv[0] = t1 + t2;
360 }
361
362 for (j = 0; j < 8; j++) {
363 ctx->h[j] += wv[j];
364 }
365 }
366 }
367
sha384_init(struct sha384_ctx * ctx)368 void sha384_init(struct sha384_ctx *ctx)
369 {
370 int i;
371
372 for (i = 0; i < 8; i++) {
373 ctx->h[i] = sha384_h0[i];
374 }
375
376 ctx->len = 0;
377 ctx->tot_len = 0;
378 }
379
sha384_loop(struct sha384_ctx * ctx,const void * data,size_t len)380 void sha384_loop(struct sha384_ctx *ctx, const void *data,
381 size_t len)
382 {
383 const unsigned char *shifted_message;
384 size_t block_nb;
385 size_t new_len, rem_len, tmp_len;
386
387 tmp_len = SHA384_BLOCK_SIZE - ctx->len;
388 rem_len = len < tmp_len ? len : tmp_len;
389
390 memcpy(&ctx->block[ctx->len], data, rem_len);
391
392 if (ctx->len + len < SHA384_BLOCK_SIZE) {
393 ctx->len += len;
394 return;
395 }
396
397 new_len = len - rem_len;
398 block_nb = new_len / SHA384_BLOCK_SIZE;
399
400 shifted_message = CONST_PTR_OFFSET(data, rem_len);
401
402 sha384_transf(ctx, ctx->block, 1);
403 sha384_transf(ctx, shifted_message, block_nb);
404
405 rem_len = new_len % SHA384_BLOCK_SIZE;
406 memcpy(ctx->block, &shifted_message[block_nb << 7], rem_len);
407
408 ctx->len = rem_len;
409 ctx->tot_len += (block_nb + 1) << 7;
410 }
411
sha384_result(struct sha384_ctx * ctx,unsigned char digest[STATIC_ARRAY SHA384_RESULTLEN])412 void sha384_result(struct sha384_ctx *ctx,
413 unsigned char digest[STATIC_ARRAY SHA384_RESULTLEN])
414 {
415 unsigned int block_nb;
416 unsigned int pm_len;
417 size_t len_b;
418 int i;
419
420 block_nb = 1 + ((SHA384_BLOCK_SIZE - 17)
421 < (ctx->len % SHA384_BLOCK_SIZE));
422
423 len_b = (ctx->tot_len + ctx->len) << 3;
424 pm_len = block_nb << 7;
425
426 memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
427 ctx->block[ctx->len] = 0x80;
428 UNPACK32(len_b, ctx->block + pm_len - 4);
429
430 sha384_transf(ctx, ctx->block, block_nb);
431
432 for (i = 0 ; i < 6; i++) {
433 UNPACK64(ctx->h[i], &digest[i << 3]);
434 }
435 }
436
sha384_get_digest(const void * data,size_t size,unsigned char digest[STATIC_ARRAY SHA384_RESULTLEN])437 void sha384_get_digest(const void *data, size_t size,
438 unsigned char digest[STATIC_ARRAY SHA384_RESULTLEN])
439 {
440 struct sha384_ctx ctx;
441
442 sha384_init(&ctx);
443 sha384_loop(&ctx, data, size);
444 sha384_result(&ctx, digest);
445 }
446
447
448 /* SHA-512 functions */
449
450 static void ATTR_UNSIGNED_WRAPS
sha512_transf(struct sha512_ctx * ctx,const unsigned char * data,size_t block_nb)451 sha512_transf(struct sha512_ctx *ctx, const unsigned char *data,
452 size_t block_nb)
453 {
454 uint64_t w[80];
455 uint64_t wv[8];
456 uint64_t t1, t2;
457 const unsigned char *sub_block;
458 int i, j;
459
460 for (i = 0; i < (int) block_nb; i++) {
461 sub_block = data + (i << 7);
462
463 for (j = 0; j < 16; j++) {
464 PACK64(&sub_block[j << 3], &w[j]);
465 }
466
467 for (j = 16; j < 80; j++) {
468 SHA512_SCR(j);
469 }
470
471 for (j = 0; j < 8; j++) {
472 wv[j] = ctx->h[j];
473 }
474
475 for (j = 0; j < 80; j++) {
476 t1 = wv[7] + SHA512_F2(wv[4]) + CH(wv[4], wv[5], wv[6])
477 + sha512_k[j] + w[j];
478 t2 = SHA512_F1(wv[0]) + MAJ(wv[0], wv[1], wv[2]);
479 wv[7] = wv[6];
480 wv[6] = wv[5];
481 wv[5] = wv[4];
482 wv[4] = wv[3] + t1;
483 wv[3] = wv[2];
484 wv[2] = wv[1];
485 wv[1] = wv[0];
486 wv[0] = t1 + t2;
487 }
488
489 for (j = 0; j < 8; j++) {
490 ctx->h[j] += wv[j];
491 }
492 }
493 }
494
sha512_init(struct sha512_ctx * ctx)495 void sha512_init(struct sha512_ctx *ctx)
496 {
497 int i;
498
499 for (i = 0; i < 8; i++) {
500 ctx->h[i] = sha512_h0[i];
501 }
502
503 ctx->len = 0;
504 ctx->tot_len = 0;
505 }
506
sha512_loop(struct sha512_ctx * ctx,const void * data,size_t len)507 void sha512_loop(struct sha512_ctx *ctx, const void *data,
508 size_t len)
509 {
510 const unsigned char *shifted_message;
511 size_t block_nb;
512 size_t new_len, rem_len, tmp_len;
513
514 tmp_len = SHA512_BLOCK_SIZE - ctx->len;
515 rem_len = len < tmp_len ? len : tmp_len;
516
517 memcpy(&ctx->block[ctx->len], data, rem_len);
518
519 if (ctx->len + len < SHA512_BLOCK_SIZE) {
520 ctx->len += len;
521 return;
522 }
523
524 new_len = len - rem_len;
525 block_nb = new_len / SHA512_BLOCK_SIZE;
526
527 shifted_message = CONST_PTR_OFFSET(data, rem_len);
528
529 sha512_transf(ctx, ctx->block, 1);
530 sha512_transf(ctx, shifted_message, block_nb);
531
532 rem_len = new_len % SHA512_BLOCK_SIZE;
533 memcpy(ctx->block, &shifted_message[block_nb << 7], rem_len);
534
535 ctx->len = rem_len;
536 ctx->tot_len += (block_nb + 1) << 7;
537 }
538
sha512_result(struct sha512_ctx * ctx,unsigned char digest[STATIC_ARRAY SHA512_RESULTLEN])539 void sha512_result(struct sha512_ctx *ctx,
540 unsigned char digest[STATIC_ARRAY SHA512_RESULTLEN])
541 {
542 unsigned int block_nb;
543 unsigned int pm_len;
544 size_t len_b;
545 int i;
546
547 block_nb = 1 + ((SHA512_BLOCK_SIZE - 17)
548 < (ctx->len % SHA512_BLOCK_SIZE));
549
550 len_b = (ctx->tot_len + ctx->len) << 3;
551 pm_len = block_nb << 7;
552
553 memset(ctx->block + ctx->len, 0, pm_len - ctx->len);
554 ctx->block[ctx->len] = 0x80;
555 UNPACK32(len_b, ctx->block + pm_len - 4);
556
557 sha512_transf(ctx, ctx->block, block_nb);
558
559 for (i = 0 ; i < 8; i++) {
560 UNPACK64(ctx->h[i], &digest[i << 3]);
561 }
562 }
563
sha512_get_digest(const void * data,size_t size,unsigned char digest[STATIC_ARRAY SHA512_RESULTLEN])564 void sha512_get_digest(const void *data, size_t size,
565 unsigned char digest[STATIC_ARRAY SHA512_RESULTLEN])
566 {
567 struct sha512_ctx ctx;
568
569 sha512_init(&ctx);
570 sha512_loop(&ctx, data, size);
571 sha512_result(&ctx, digest);
572 }
573
hash_method_init_sha256(void * context)574 static void hash_method_init_sha256(void *context)
575 {
576 sha256_init(context);
577 }
hash_method_loop_sha256(void * context,const void * data,size_t size)578 static void hash_method_loop_sha256(void *context, const void *data, size_t size)
579 {
580 sha256_loop(context, data, size);
581 }
582
hash_method_result_sha256(void * context,unsigned char * result_r)583 static void hash_method_result_sha256(void *context, unsigned char *result_r)
584 {
585 sha256_result(context, result_r);
586 }
587
588 const struct hash_method hash_method_sha256 = {
589 .name = "sha256",
590 .block_size = SHA256_BLOCK_SIZE,
591 .context_size = sizeof(struct sha256_ctx),
592 .digest_size = SHA256_RESULTLEN,
593
594 .init = hash_method_init_sha256,
595 .loop = hash_method_loop_sha256,
596 .result = hash_method_result_sha256,
597 };
598
hash_method_init_sha384(void * context)599 static void hash_method_init_sha384(void *context)
600 {
601 sha384_init(context);
602 }
hash_method_loop_sha384(void * context,const void * data,size_t size)603 static void hash_method_loop_sha384(void *context, const void *data, size_t size)
604 {
605 sha384_loop(context, data, size);
606 }
607
hash_method_result_sha384(void * context,unsigned char * result_r)608 static void hash_method_result_sha384(void *context, unsigned char *result_r)
609 {
610 sha384_result(context, result_r);
611 }
612
613 const struct hash_method hash_method_sha384 = {
614 .name = "sha384",
615 .block_size = SHA384_BLOCK_SIZE,
616 .context_size = sizeof(struct sha384_ctx),
617 .digest_size = SHA384_RESULTLEN,
618
619 .init = hash_method_init_sha384,
620 .loop = hash_method_loop_sha384,
621 .result = hash_method_result_sha384,
622 };
623
hash_method_init_sha512(void * context)624 static void hash_method_init_sha512(void *context)
625 {
626 sha512_init(context);
627 }
hash_method_loop_sha512(void * context,const void * data,size_t size)628 static void hash_method_loop_sha512(void *context, const void *data, size_t size)
629 {
630 sha512_loop(context, data, size);
631 }
632
hash_method_result_sha512(void * context,unsigned char * result_r)633 static void hash_method_result_sha512(void *context, unsigned char *result_r)
634 {
635 sha512_result(context, result_r);
636 }
637
638 const struct hash_method hash_method_sha512 = {
639 .name = "sha512",
640 .block_size = SHA512_BLOCK_SIZE,
641 .context_size = sizeof(struct sha512_ctx),
642 .digest_size = SHA512_RESULTLEN,
643
644 .init = hash_method_init_sha512,
645 .loop = hash_method_loop_sha512,
646 .result = hash_method_result_sha512,
647 };
648