/src/qtbase/src/3rdparty/rfc6234/sha384-512.c
Line | Count | Source (jump to first uncovered line) |
1 | | /************************* sha384-512.c ************************/ |
2 | | /***************** See RFC 6234 for details. *******************/ |
3 | | /* Copyright (c) 2011 IETF Trust and the persons identified as */ |
4 | | /* authors of the code. All rights reserved. */ |
5 | | /* See sha.h for terms of use and redistribution. */ |
6 | | |
7 | | /* |
8 | | * Description: |
9 | | * This file implements the Secure Hash Algorithms SHA-384 and |
10 | | * SHA-512 as defined in the U.S. National Institute of Standards |
11 | | * and Technology Federal Information Processing Standards |
12 | | * Publication (FIPS PUB) 180-3 published in October 2008 |
13 | | * and formerly defined in its predecessors, FIPS PUB 180-1 |
14 | | * and FIP PUB 180-2. |
15 | | * |
16 | | * A combined document showing all algorithms is available at |
17 | | * http://csrc.nist.gov/publications/fips/ |
18 | | * fips180-3/fips180-3_final.pdf |
19 | | * |
20 | | * The SHA-384 and SHA-512 algorithms produce 384-bit and 512-bit |
21 | | * message digests for a given data stream. It should take about |
22 | | * 2**n steps to find a message with the same digest as a given |
23 | | * message and 2**(n/2) to find any two messages with the same |
24 | | * digest, when n is the digest size in bits. Therefore, this |
25 | | * algorithm can serve as a means of providing a |
26 | | * "fingerprint" for a message. |
27 | | * |
28 | | * Portability Issues: |
29 | | * SHA-384 and SHA-512 are defined in terms of 64-bit "words", |
30 | | * but if USE_32BIT_ONLY is #defined, this code is implemented in |
31 | | * terms of 32-bit "words". This code uses <stdint.h> (included |
32 | | * via "sha.h") to define the 64-, 32- and 8-bit unsigned integer |
33 | | * types. If your C compiler does not support 64-bit unsigned |
34 | | * integers and you do not #define USE_32BIT_ONLY, this code is |
35 | | * not appropriate. |
36 | | * |
37 | | * Caveats: |
38 | | * SHA-384 and SHA-512 are designed to work with messages less |
39 | | * than 2^128 bits long. This implementation uses SHA384/512Input() |
40 | | * to hash the bits that are a multiple of the size of an 8-bit |
41 | | * octet, and then optionally uses SHA384/256FinalBits() |
42 | | * to hash the final few bits of the input. |
43 | | * |
44 | | */ |
45 | | |
46 | | #include "sha.h" |
47 | | |
48 | | #ifdef USE_32BIT_ONLY |
49 | | /* |
50 | | * Define 64-bit arithmetic in terms of 32-bit arithmetic. |
51 | | * Each 64-bit number is represented in a 2-word array. |
52 | | * All macros are defined such that the result is the last parameter. |
53 | | */ |
54 | | |
55 | | /* |
56 | | * Define shift, rotate left, and rotate right functions |
57 | | */ |
58 | | #define SHA512_SHR(bits, word, ret) ( \ |
59 | | /* (((uint64_t)((word))) >> (bits)) */ \ |
60 | | (ret)[0] = (((bits) < 32) && ((bits) >= 0)) ? \ |
61 | | ((word)[0] >> (bits)) : 0, \ |
62 | | (ret)[1] = ((bits) > 32) ? ((word)[0] >> ((bits) - 32)) : \ |
63 | | ((bits) == 32) ? (word)[0] : \ |
64 | | ((bits) >= 0) ? \ |
65 | | (((word)[0] << (32 - (bits))) | \ |
66 | | ((word)[1] >> (bits))) : 0 ) |
67 | | |
68 | | #define SHA512_SHL(bits, word, ret) ( \ |
69 | | /* (((uint64_t)(word)) << (bits)) */ \ |
70 | | (ret)[0] = ((bits) > 32) ? ((word)[1] << ((bits) - 32)) : \ |
71 | | ((bits) == 32) ? (word)[1] : \ |
72 | | ((bits) >= 0) ? \ |
73 | | (((word)[0] << (bits)) | \ |
74 | | ((word)[1] >> (32 - (bits)))) : \ |
75 | | 0, \ |
76 | | (ret)[1] = (((bits) < 32) && ((bits) >= 0)) ? \ |
77 | | ((word)[1] << (bits)) : 0 ) |
78 | | |
79 | | /* |
80 | | * Define 64-bit OR |
81 | | */ |
82 | | #define SHA512_OR(word1, word2, ret) ( \ |
83 | | (ret)[0] = (word1)[0] | (word2)[0], \ |
84 | | (ret)[1] = (word1)[1] | (word2)[1] ) |
85 | | |
86 | | /* |
87 | | * Define 64-bit XOR |
88 | | */ |
89 | | #define SHA512_XOR(word1, word2, ret) ( \ |
90 | | (ret)[0] = (word1)[0] ^ (word2)[0], \ |
91 | | (ret)[1] = (word1)[1] ^ (word2)[1] ) |
92 | | |
93 | | /* |
94 | | * Define 64-bit AND |
95 | | */ |
96 | | #define SHA512_AND(word1, word2, ret) ( \ |
97 | | (ret)[0] = (word1)[0] & (word2)[0], \ |
98 | | (ret)[1] = (word1)[1] & (word2)[1] ) |
99 | | |
100 | | /* |
101 | | * Define 64-bit TILDA |
102 | | */ |
103 | | #define SHA512_TILDA(word, ret) \ |
104 | | ( (ret)[0] = ~(word)[0], (ret)[1] = ~(word)[1] ) |
105 | | |
106 | | /* |
107 | | * Define 64-bit ADD |
108 | | */ |
109 | | #define SHA512_ADD(word1, word2, ret) ( \ |
110 | | (ret)[1] = (word1)[1], (ret)[1] += (word2)[1], \ |
111 | | (ret)[0] = (word1)[0] + (word2)[0] + ((ret)[1] < (word1)[1]) ) |
112 | | |
113 | | /* |
114 | | * Add the 4word value in word2 to word1. |
115 | | */ |
116 | | static uint32_t ADDTO4_temp, ADDTO4_temp2; |
117 | | #define SHA512_ADDTO4(word1, word2) ( \ |
118 | | ADDTO4_temp = (word1)[3], \ |
119 | | (word1)[3] += (word2)[3], \ |
120 | | ADDTO4_temp2 = (word1)[2], \ |
121 | | (word1)[2] += (word2)[2] + ((word1)[3] < ADDTO4_temp), \ |
122 | | ADDTO4_temp = (word1)[1], \ |
123 | | (word1)[1] += (word2)[1] + ((word1)[2] < ADDTO4_temp2), \ |
124 | | (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO4_temp) ) |
125 | | |
126 | | /* |
127 | | * Add the 2word value in word2 to word1. |
128 | | */ |
129 | | static uint32_t ADDTO2_temp; |
130 | | #define SHA512_ADDTO2(word1, word2) ( \ |
131 | | ADDTO2_temp = (word1)[1], \ |
132 | | (word1)[1] += (word2)[1], \ |
133 | | (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO2_temp) ) |
134 | | |
135 | | /* |
136 | | * SHA rotate ((word >> bits) | (word << (64-bits))) |
137 | | */ |
138 | | static uint32_t ROTR_temp1[2], ROTR_temp2[2]; |
139 | | #define SHA512_ROTR(bits, word, ret) ( \ |
140 | | SHA512_SHR((bits), (word), ROTR_temp1), \ |
141 | | SHA512_SHL(64-(bits), (word), ROTR_temp2), \ |
142 | | SHA512_OR(ROTR_temp1, ROTR_temp2, (ret)) ) |
143 | | |
144 | | /* |
145 | | * Define the SHA SIGMA and sigma macros |
146 | | * |
147 | | * SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word) |
148 | | */ |
149 | | static uint32_t SIGMA0_temp1[2], SIGMA0_temp2[2], |
150 | | SIGMA0_temp3[2], SIGMA0_temp4[2]; |
151 | | #define SHA512_SIGMA0(word, ret) ( \ |
152 | | SHA512_ROTR(28, (word), SIGMA0_temp1), \ |
153 | | SHA512_ROTR(34, (word), SIGMA0_temp2), \ |
154 | | SHA512_ROTR(39, (word), SIGMA0_temp3), \ |
155 | | SHA512_XOR(SIGMA0_temp2, SIGMA0_temp3, SIGMA0_temp4), \ |
156 | | SHA512_XOR(SIGMA0_temp1, SIGMA0_temp4, (ret)) ) |
157 | | |
158 | | /* |
159 | | * SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word) |
160 | | */ |
161 | | static uint32_t SIGMA1_temp1[2], SIGMA1_temp2[2], |
162 | | SIGMA1_temp3[2], SIGMA1_temp4[2]; |
163 | | #define SHA512_SIGMA1(word, ret) ( \ |
164 | | SHA512_ROTR(14, (word), SIGMA1_temp1), \ |
165 | | SHA512_ROTR(18, (word), SIGMA1_temp2), \ |
166 | | SHA512_ROTR(41, (word), SIGMA1_temp3), \ |
167 | | SHA512_XOR(SIGMA1_temp2, SIGMA1_temp3, SIGMA1_temp4), \ |
168 | | SHA512_XOR(SIGMA1_temp1, SIGMA1_temp4, (ret)) ) |
169 | | |
170 | | /* |
171 | | * (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word)) |
172 | | */ |
173 | | static uint32_t sigma0_temp1[2], sigma0_temp2[2], |
174 | | sigma0_temp3[2], sigma0_temp4[2]; |
175 | | #define SHA512_sigma0(word, ret) ( \ |
176 | | SHA512_ROTR( 1, (word), sigma0_temp1), \ |
177 | | SHA512_ROTR( 8, (word), sigma0_temp2), \ |
178 | | SHA512_SHR( 7, (word), sigma0_temp3), \ |
179 | | SHA512_XOR(sigma0_temp2, sigma0_temp3, sigma0_temp4), \ |
180 | | SHA512_XOR(sigma0_temp1, sigma0_temp4, (ret)) ) |
181 | | |
182 | | /* |
183 | | * (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word)) |
184 | | */ |
185 | | static uint32_t sigma1_temp1[2], sigma1_temp2[2], |
186 | | sigma1_temp3[2], sigma1_temp4[2]; |
187 | | #define SHA512_sigma1(word, ret) ( \ |
188 | | SHA512_ROTR(19, (word), sigma1_temp1), \ |
189 | | SHA512_ROTR(61, (word), sigma1_temp2), \ |
190 | | SHA512_SHR( 6, (word), sigma1_temp3), \ |
191 | | SHA512_XOR(sigma1_temp2, sigma1_temp3, sigma1_temp4), \ |
192 | | SHA512_XOR(sigma1_temp1, sigma1_temp4, (ret)) ) |
193 | | |
194 | | #ifndef USE_MODIFIED_MACROS |
195 | | /* |
196 | | * These definitions are the ones used in FIPS 180-3, section 4.1.3 |
197 | | * Ch(x,y,z) ((x & y) ^ (~x & z)) |
198 | | */ |
199 | | static uint32_t Ch_temp1[2], Ch_temp2[2], Ch_temp3[2]; |
200 | | #define SHA_Ch(x, y, z, ret) ( \ |
201 | | SHA512_AND(x, y, Ch_temp1), \ |
202 | | SHA512_TILDA(x, Ch_temp2), \ |
203 | | SHA512_AND(Ch_temp2, z, Ch_temp3), \ |
204 | | SHA512_XOR(Ch_temp1, Ch_temp3, (ret)) ) |
205 | | |
206 | | /* |
207 | | * Maj(x,y,z) (((x)&(y)) ^ ((x)&(z)) ^ ((y)&(z))) |
208 | | */ |
209 | | static uint32_t Maj_temp1[2], Maj_temp2[2], |
210 | | Maj_temp3[2], Maj_temp4[2]; |
211 | | #define SHA_Maj(x, y, z, ret) ( \ |
212 | | SHA512_AND(x, y, Maj_temp1), \ |
213 | | SHA512_AND(x, z, Maj_temp2), \ |
214 | | SHA512_AND(y, z, Maj_temp3), \ |
215 | | SHA512_XOR(Maj_temp2, Maj_temp3, Maj_temp4), \ |
216 | | SHA512_XOR(Maj_temp1, Maj_temp4, (ret)) ) |
217 | | #else /* !USE_MODIFIED_MACROS */ |
218 | | /* |
219 | | * These definitions are potentially faster equivalents for the ones |
220 | | * used in FIPS 180-3, section 4.1.3. |
221 | | * ((x & y) ^ (~x & z)) becomes |
222 | | * ((x & (y ^ z)) ^ z) |
223 | | */ |
224 | | #define SHA_Ch(x, y, z, ret) ( \ |
225 | | (ret)[0] = (((x)[0] & ((y)[0] ^ (z)[0])) ^ (z)[0]), \ |
226 | | (ret)[1] = (((x)[1] & ((y)[1] ^ (z)[1])) ^ (z)[1]) ) |
227 | | |
228 | | /* |
229 | | * ((x & y) ^ (x & z) ^ (y & z)) becomes |
230 | | * ((x & (y | z)) | (y & z)) |
231 | | */ |
232 | | #define SHA_Maj(x, y, z, ret) ( \ |
233 | | ret[0] = (((x)[0] & ((y)[0] | (z)[0])) | ((y)[0] & (z)[0])), \ |
234 | | ret[1] = (((x)[1] & ((y)[1] | (z)[1])) | ((y)[1] & (z)[1])) ) |
235 | | #endif /* USE_MODIFIED_MACROS */ |
236 | | |
237 | | /* |
238 | | * Add "length" to the length. |
239 | | * Set Corrupted when overflow has occurred. |
240 | | */ |
241 | | static uint32_t addTemp[4] = { 0, 0, 0, 0 }; |
242 | | #define SHA384_512AddLength(context, length) ( \ |
243 | | addTemp[3] = (length), SHA512_ADDTO4((context)->Length, addTemp), \ |
244 | | (context)->Corrupted = (((context)->Length[3] < (length)) && \ |
245 | | ((context)->Length[2] == 0) && ((context)->Length[1] == 0) && \ |
246 | | ((context)->Length[0] == 0)) ? shaInputTooLong : \ |
247 | | (context)->Corrupted ) |
248 | | |
249 | | /* Local Function Prototypes */ |
250 | | static int SHA384_512Reset(SHA512Context *context, |
251 | | uint32_t H0[SHA512HashSize/4]); |
252 | | static void SHA384_512ProcessMessageBlock(SHA512Context *context); |
253 | | static void SHA384_512Finalize(SHA512Context *context, |
254 | | uint8_t Pad_Byte); |
255 | | static void SHA384_512PadMessage(SHA512Context *context, |
256 | | uint8_t Pad_Byte); |
257 | | static int SHA384_512ResultN( SHA512Context *context, |
258 | | uint8_t Message_Digest[ ], int HashSize); |
259 | | |
260 | | /* Initial Hash Values: FIPS 180-3 sections 5.3.4 and 5.3.5 */ |
261 | | static uint32_t SHA384_H0[SHA512HashSize/4] = { |
262 | | 0xCBBB9D5D, 0xC1059ED8, 0x629A292A, 0x367CD507, 0x9159015A, |
263 | | 0x3070DD17, 0x152FECD8, 0xF70E5939, 0x67332667, 0xFFC00B31, |
264 | | 0x8EB44A87, 0x68581511, 0xDB0C2E0D, 0x64F98FA7, 0x47B5481D, |
265 | | 0xBEFA4FA4 |
266 | | }; |
267 | | static uint32_t SHA512_H0[SHA512HashSize/4] = { |
268 | | 0x6A09E667, 0xF3BCC908, 0xBB67AE85, 0x84CAA73B, 0x3C6EF372, |
269 | | 0xFE94F82B, 0xA54FF53A, 0x5F1D36F1, 0x510E527F, 0xADE682D1, |
270 | | 0x9B05688C, 0x2B3E6C1F, 0x1F83D9AB, 0xFB41BD6B, 0x5BE0CD19, |
271 | | 0x137E2179 |
272 | | }; |
273 | | |
274 | | #else /* !USE_32BIT_ONLY */ |
275 | | |
276 | | #include "sha-private.h" |
277 | | |
278 | | /* Define the SHA shift, rotate left and rotate right macros */ |
279 | 0 | #define SHA512_SHR(bits,word) (((uint64_t)(word)) >> (bits)) |
280 | 0 | #define SHA512_ROTR(bits,word) ((((uint64_t)(word)) >> (bits)) | \ |
281 | 0 | (((uint64_t)(word)) << (64-(bits)))) |
282 | | |
283 | | /* |
284 | | * Define the SHA SIGMA and sigma macros |
285 | | * |
286 | | * SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word) |
287 | | */ |
288 | | #define SHA512_SIGMA0(word) \ |
289 | 0 | (SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word)) |
290 | | #define SHA512_SIGMA1(word) \ |
291 | 0 | (SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word)) |
292 | | #define SHA512_sigma0(word) \ |
293 | 0 | (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word)) |
294 | | #define SHA512_sigma1(word) \ |
295 | 0 | (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word)) |
296 | | |
297 | | /* |
298 | | * Add "length" to the length. |
299 | | * Set Corrupted when overflow has occurred. |
300 | | */ |
301 | | /* addTemp commented out by Nokia, static variables are not thread-safe */ |
302 | | /* static uint64_t addTemp; */ |
303 | | /* 'M' appended to Macro name by Nokia */ |
304 | | #define SHA384_512AddLengthM(context, length) \ |
305 | 0 | (addTemp = context->Length_Low, context->Corrupted = \ |
306 | 0 | ((context->Length_Low += length) < addTemp) && \ |
307 | 0 | (++context->Length_High == 0) ? shaInputTooLong : \ |
308 | 0 | (context)->Corrupted) |
309 | | |
310 | | /* Local Function Prototypes */ |
311 | | static int SHA384_512Reset(SHA512Context *context, |
312 | | uint64_t H0[SHA512HashSize/8]); |
313 | | static void SHA384_512ProcessMessageBlock(SHA512Context *context); |
314 | | static void SHA384_512Finalize(SHA512Context *context, |
315 | | uint8_t Pad_Byte); |
316 | | static void SHA384_512PadMessage(SHA512Context *context, |
317 | | uint8_t Pad_Byte); |
318 | | static int SHA384_512ResultN(SHA512Context *context, |
319 | | uint8_t Message_Digest[ ], int HashSize); |
320 | | |
321 | | /* Initial Hash Values: FIPS 180-3 sections 5.3.4 and 5.3.5 */ |
322 | | static uint64_t SHA384_H0[ ] = { |
323 | | 0xCBBB9D5DC1059ED8ull, 0x629A292A367CD507ull, 0x9159015A3070DD17ull, |
324 | | 0x152FECD8F70E5939ull, 0x67332667FFC00B31ull, 0x8EB44A8768581511ull, |
325 | | 0xDB0C2E0D64F98FA7ull, 0x47B5481DBEFA4FA4ull |
326 | | }; |
327 | | static uint64_t SHA512_H0[ ] = { |
328 | | 0x6A09E667F3BCC908ull, 0xBB67AE8584CAA73Bull, 0x3C6EF372FE94F82Bull, |
329 | | 0xA54FF53A5F1D36F1ull, 0x510E527FADE682D1ull, 0x9B05688C2B3E6C1Full, |
330 | | 0x1F83D9ABFB41BD6Bull, 0x5BE0CD19137E2179ull |
331 | | }; |
332 | | |
333 | | #endif /* USE_32BIT_ONLY */ |
334 | | |
335 | | /* |
336 | | * SHA384Reset |
337 | | * |
338 | | * Description: |
339 | | * This function will initialize the SHA384Context in preparation |
340 | | * for computing a new SHA384 message digest. |
341 | | * |
342 | | * Parameters: |
343 | | * context: [in/out] |
344 | | * The context to reset. |
345 | | * |
346 | | * Returns: |
347 | | * sha Error Code. |
348 | | * |
349 | | */ |
350 | | int SHA384Reset(SHA384Context *context) |
351 | 0 | { |
352 | 0 | return SHA384_512Reset(context, SHA384_H0); |
353 | 0 | } |
354 | | |
355 | | /* |
356 | | * SHA384Input |
357 | | * |
358 | | * Description: |
359 | | * This function accepts an array of octets as the next portion |
360 | | * of the message. |
361 | | * |
362 | | * Parameters: |
363 | | * context: [in/out] |
364 | | * The SHA context to update. |
365 | | * message_array[ ]: [in] |
366 | | * An array of octets representing the next portion of |
367 | | * the message. |
368 | | * length: [in] |
369 | | * The length of the message in message_array. |
370 | | * |
371 | | * Returns: |
372 | | * sha Error Code. |
373 | | * |
374 | | */ |
375 | | int SHA384Input(SHA384Context *context, |
376 | | const uint8_t *message_array, unsigned int length) |
377 | 0 | { |
378 | 0 | return SHA512Input(context, message_array, length); |
379 | 0 | } |
380 | | |
381 | | /* |
382 | | * SHA384FinalBits |
383 | | * |
384 | | * Description: |
385 | | * This function will add in any final bits of the message. |
386 | | * |
387 | | * Parameters: |
388 | | * context: [in/out] |
389 | | * The SHA context to update. |
390 | | * message_bits: [in] |
391 | | * The final bits of the message, in the upper portion of the |
392 | | * byte. (Use 0b###00000 instead of 0b00000### to input the |
393 | | * three bits ###.) |
394 | | * length: [in] |
395 | | * The number of bits in message_bits, between 1 and 7. |
396 | | * |
397 | | * Returns: |
398 | | * sha Error Code. |
399 | | * |
400 | | */ |
401 | | int SHA384FinalBits(SHA384Context *context, |
402 | | uint8_t message_bits, unsigned int length) |
403 | 0 | { |
404 | 0 | return SHA512FinalBits(context, message_bits, length); |
405 | 0 | } |
406 | | |
407 | | /* |
408 | | * SHA384Result |
409 | | * |
410 | | * Description: |
411 | | * This function will return the 384-bit message digest |
412 | | * into the Message_Digest array provided by the caller. |
413 | | * NOTE: |
414 | | * The first octet of hash is stored in the element with index 0, |
415 | | * the last octet of hash in the element with index 47. |
416 | | * |
417 | | * Parameters: |
418 | | * context: [in/out] |
419 | | * The context to use to calculate the SHA hash. |
420 | | * Message_Digest[ ]: [out] |
421 | | * Where the digest is returned. |
422 | | * |
423 | | * Returns: |
424 | | * sha Error Code. |
425 | | * |
426 | | */ |
427 | | int SHA384Result(SHA384Context *context, |
428 | | uint8_t Message_Digest[SHA384HashSize]) |
429 | 0 | { |
430 | 0 | return SHA384_512ResultN(context, Message_Digest, SHA384HashSize); |
431 | 0 | } |
432 | | |
433 | | /* |
434 | | * SHA512Reset |
435 | | * |
436 | | * Description: |
437 | | * This function will initialize the SHA512Context in preparation |
438 | | * for computing a new SHA512 message digest. |
439 | | * |
440 | | * Parameters: |
441 | | * context: [in/out] |
442 | | * The context to reset. |
443 | | * |
444 | | * Returns: |
445 | | * sha Error Code. |
446 | | * |
447 | | */ |
448 | | int SHA512Reset(SHA512Context *context) |
449 | 0 | { |
450 | 0 | return SHA384_512Reset(context, SHA512_H0); |
451 | 0 | } |
452 | | |
453 | | /* |
454 | | * SHA512Input |
455 | | * |
456 | | * Description: |
457 | | * This function accepts an array of octets as the next portion |
458 | | * of the message. |
459 | | * |
460 | | * Parameters: |
461 | | * context: [in/out] |
462 | | * The SHA context to update. |
463 | | * message_array[ ]: [in] |
464 | | * An array of octets representing the next portion of |
465 | | * the message. |
466 | | * length: [in] |
467 | | * The length of the message in message_array. |
468 | | * |
469 | | * Returns: |
470 | | * sha Error Code. |
471 | | * |
472 | | */ |
473 | | int SHA512Input(SHA512Context *context, |
474 | | const uint8_t *message_array, |
475 | | unsigned int length) |
476 | 0 | { |
477 | 0 | if (!context) return shaNull; |
478 | 0 | if (!length) return shaSuccess; |
479 | 0 | if (!message_array) return shaNull; |
480 | 0 | if (context->Computed) return context->Corrupted = shaStateError; |
481 | 0 | if (context->Corrupted) return context->Corrupted; |
482 | | |
483 | 0 | while (length--) { |
484 | 0 | context->Message_Block[context->Message_Block_Index++] = |
485 | 0 | *message_array; |
486 | |
|
487 | 0 | if ((SHA384_512AddLength(context, 8) == shaSuccess) && |
488 | 0 | (context->Message_Block_Index == SHA512_Message_Block_Size)) |
489 | 0 | SHA384_512ProcessMessageBlock(context); |
490 | |
|
491 | 0 | message_array++; |
492 | 0 | } |
493 | |
|
494 | 0 | return context->Corrupted; |
495 | 0 | } |
496 | | |
497 | | /* |
498 | | * SHA512FinalBits |
499 | | * |
500 | | * Description: |
501 | | * This function will add in any final bits of the message. |
502 | | * |
503 | | * Parameters: |
504 | | * context: [in/out] |
505 | | * The SHA context to update. |
506 | | * message_bits: [in] |
507 | | * The final bits of the message, in the upper portion of the |
508 | | * byte. (Use 0b###00000 instead of 0b00000### to input the |
509 | | * three bits ###.) |
510 | | * length: [in] |
511 | | * The number of bits in message_bits, between 1 and 7. |
512 | | * |
513 | | * Returns: |
514 | | * sha Error Code. |
515 | | * |
516 | | */ |
517 | | int SHA512FinalBits(SHA512Context *context, |
518 | | uint8_t message_bits, unsigned int length) |
519 | 0 | { |
520 | 0 | static uint8_t masks[8] = { |
521 | 0 | /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80, |
522 | 0 | /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0, |
523 | 0 | /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8, |
524 | 0 | /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE |
525 | 0 | }; |
526 | 0 | static uint8_t markbit[8] = { |
527 | 0 | /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40, |
528 | 0 | /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10, |
529 | 0 | /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04, |
530 | 0 | /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01 |
531 | 0 | }; |
532 | |
|
533 | 0 | if (!context) return shaNull; |
534 | 0 | if (!length) return shaSuccess; |
535 | 0 | if (context->Corrupted) return context->Corrupted; |
536 | 0 | if (context->Computed) return context->Corrupted = shaStateError; |
537 | 0 | if (length >= 8) return context->Corrupted = shaBadParam; |
538 | | |
539 | 0 | SHA384_512AddLength(context, length); |
540 | 0 | SHA384_512Finalize(context, (uint8_t) |
541 | 0 | ((message_bits & masks[length]) | markbit[length])); |
542 | |
|
543 | 0 | return context->Corrupted; |
544 | 0 | } |
545 | | |
546 | | /* |
547 | | * SHA512Result |
548 | | * |
549 | | * Description: |
550 | | * This function will return the 512-bit message digest |
551 | | * into the Message_Digest array provided by the caller. |
552 | | * NOTE: |
553 | | * The first octet of hash is stored in the element with index 0, |
554 | | * the last octet of hash in the element with index 63. |
555 | | * |
556 | | * Parameters: |
557 | | * context: [in/out] |
558 | | * The context to use to calculate the SHA hash. |
559 | | * Message_Digest[ ]: [out] |
560 | | * Where the digest is returned. |
561 | | * |
562 | | * Returns: |
563 | | * sha Error Code. |
564 | | * |
565 | | */ |
566 | | int SHA512Result(SHA512Context *context, |
567 | | uint8_t Message_Digest[SHA512HashSize]) |
568 | 0 | { |
569 | 0 | return SHA384_512ResultN(context, Message_Digest, SHA512HashSize); |
570 | 0 | } |
571 | | |
572 | | /* |
573 | | * SHA384_512Reset |
574 | | * |
575 | | * Description: |
576 | | * This helper function will initialize the SHA512Context in |
577 | | * preparation for computing a new SHA384 or SHA512 message |
578 | | * digest. |
579 | | * |
580 | | * Parameters: |
581 | | * context: [in/out] |
582 | | * The context to reset. |
583 | | * H0[ ]: [in] |
584 | | * The initial hash value array to use. |
585 | | * |
586 | | * Returns: |
587 | | * sha Error Code. |
588 | | * |
589 | | */ |
590 | | #ifdef USE_32BIT_ONLY |
591 | | static int SHA384_512Reset(SHA512Context *context, |
592 | | uint32_t H0[SHA512HashSize/4]) |
593 | | #else /* !USE_32BIT_ONLY */ |
594 | | static int SHA384_512Reset(SHA512Context *context, |
595 | | uint64_t H0[SHA512HashSize/8]) |
596 | | #endif /* USE_32BIT_ONLY */ |
597 | 0 | { |
598 | 0 | int i; |
599 | 0 | if (!context) return shaNull; |
600 | | |
601 | 0 | context->Message_Block_Index = 0; |
602 | |
|
603 | | #ifdef USE_32BIT_ONLY |
604 | | context->Length[0] = context->Length[1] = |
605 | | context->Length[2] = context->Length[3] = 0; |
606 | | |
607 | | for (i = 0; i < SHA512HashSize/4; i++) |
608 | | context->Intermediate_Hash[i] = H0[i]; |
609 | | #else /* !USE_32BIT_ONLY */ |
610 | 0 | context->Length_High = context->Length_Low = 0; |
611 | |
|
612 | 0 | for (i = 0; i < SHA512HashSize/8; i++) |
613 | 0 | context->Intermediate_Hash[i] = H0[i]; |
614 | 0 | #endif /* USE_32BIT_ONLY */ |
615 | |
|
616 | 0 | context->Computed = 0; |
617 | 0 | context->Corrupted = shaSuccess; |
618 | |
|
619 | 0 | return shaSuccess; |
620 | 0 | } |
621 | | |
622 | | /* |
623 | | * SHA384_512ProcessMessageBlock |
624 | | * |
625 | | * Description: |
626 | | * This helper function will process the next 1024 bits of the |
627 | | * message stored in the Message_Block array. |
628 | | * |
629 | | * Parameters: |
630 | | * context: [in/out] |
631 | | * The SHA context to update. |
632 | | * |
633 | | * Returns: |
634 | | * Nothing. |
635 | | * |
636 | | * Comments: |
637 | | * Many of the variable names in this code, especially the |
638 | | * single character names, were used because those were the |
639 | | * names used in the Secure Hash Standard. |
640 | | * |
641 | | * |
642 | | */ |
643 | | static void SHA384_512ProcessMessageBlock(SHA512Context *context) |
644 | 0 | { |
645 | | #ifdef USE_32BIT_ONLY |
646 | | /* Constants defined in FIPS 180-3, section 4.2.3 */ |
647 | | static const uint32_t K[80*2] = { |
648 | | 0x428A2F98, 0xD728AE22, 0x71374491, 0x23EF65CD, 0xB5C0FBCF, |
649 | | 0xEC4D3B2F, 0xE9B5DBA5, 0x8189DBBC, 0x3956C25B, 0xF348B538, |
650 | | 0x59F111F1, 0xB605D019, 0x923F82A4, 0xAF194F9B, 0xAB1C5ED5, |
651 | | 0xDA6D8118, 0xD807AA98, 0xA3030242, 0x12835B01, 0x45706FBE, |
652 | | 0x243185BE, 0x4EE4B28C, 0x550C7DC3, 0xD5FFB4E2, 0x72BE5D74, |
653 | | 0xF27B896F, 0x80DEB1FE, 0x3B1696B1, 0x9BDC06A7, 0x25C71235, |
654 | | 0xC19BF174, 0xCF692694, 0xE49B69C1, 0x9EF14AD2, 0xEFBE4786, |
655 | | 0x384F25E3, 0x0FC19DC6, 0x8B8CD5B5, 0x240CA1CC, 0x77AC9C65, |
656 | | 0x2DE92C6F, 0x592B0275, 0x4A7484AA, 0x6EA6E483, 0x5CB0A9DC, |
657 | | 0xBD41FBD4, 0x76F988DA, 0x831153B5, 0x983E5152, 0xEE66DFAB, |
658 | | 0xA831C66D, 0x2DB43210, 0xB00327C8, 0x98FB213F, 0xBF597FC7, |
659 | | 0xBEEF0EE4, 0xC6E00BF3, 0x3DA88FC2, 0xD5A79147, 0x930AA725, |
660 | | 0x06CA6351, 0xE003826F, 0x14292967, 0x0A0E6E70, 0x27B70A85, |
661 | | 0x46D22FFC, 0x2E1B2138, 0x5C26C926, 0x4D2C6DFC, 0x5AC42AED, |
662 | | 0x53380D13, 0x9D95B3DF, 0x650A7354, 0x8BAF63DE, 0x766A0ABB, |
663 | | 0x3C77B2A8, 0x81C2C92E, 0x47EDAEE6, 0x92722C85, 0x1482353B, |
664 | | 0xA2BFE8A1, 0x4CF10364, 0xA81A664B, 0xBC423001, 0xC24B8B70, |
665 | | 0xD0F89791, 0xC76C51A3, 0x0654BE30, 0xD192E819, 0xD6EF5218, |
666 | | 0xD6990624, 0x5565A910, 0xF40E3585, 0x5771202A, 0x106AA070, |
667 | | 0x32BBD1B8, 0x19A4C116, 0xB8D2D0C8, 0x1E376C08, 0x5141AB53, |
668 | | 0x2748774C, 0xDF8EEB99, 0x34B0BCB5, 0xE19B48A8, 0x391C0CB3, |
669 | | 0xC5C95A63, 0x4ED8AA4A, 0xE3418ACB, 0x5B9CCA4F, 0x7763E373, |
670 | | 0x682E6FF3, 0xD6B2B8A3, 0x748F82EE, 0x5DEFB2FC, 0x78A5636F, |
671 | | 0x43172F60, 0x84C87814, 0xA1F0AB72, 0x8CC70208, 0x1A6439EC, |
672 | | 0x90BEFFFA, 0x23631E28, 0xA4506CEB, 0xDE82BDE9, 0xBEF9A3F7, |
673 | | 0xB2C67915, 0xC67178F2, 0xE372532B, 0xCA273ECE, 0xEA26619C, |
674 | | 0xD186B8C7, 0x21C0C207, 0xEADA7DD6, 0xCDE0EB1E, 0xF57D4F7F, |
675 | | 0xEE6ED178, 0x06F067AA, 0x72176FBA, 0x0A637DC5, 0xA2C898A6, |
676 | | 0x113F9804, 0xBEF90DAE, 0x1B710B35, 0x131C471B, 0x28DB77F5, |
677 | | 0x23047D84, 0x32CAAB7B, 0x40C72493, 0x3C9EBE0A, 0x15C9BEBC, |
678 | | 0x431D67C4, 0x9C100D4C, 0x4CC5D4BE, 0xCB3E42B6, 0x597F299C, |
679 | | 0xFC657E2A, 0x5FCB6FAB, 0x3AD6FAEC, 0x6C44198C, 0x4A475817 |
680 | | }; |
681 | | int t, t2, t8; /* Loop counter */ |
682 | | uint32_t temp1[2], temp2[2], /* Temporary word values */ |
683 | | temp3[2], temp4[2], temp5[2]; |
684 | | uint32_t W[2*80]; /* Word sequence */ |
685 | | uint32_t A[2], B[2], C[2], D[2], /* Word buffers */ |
686 | | E[2], F[2], G[2], H[2]; |
687 | | |
688 | | /* Initialize the first 16 words in the array W */ |
689 | | for (t = t2 = t8 = 0; t < 16; t++, t8 += 8) { |
690 | | W[t2++] = ((((uint32_t)context->Message_Block[t8 ])) << 24) | |
691 | | ((((uint32_t)context->Message_Block[t8 + 1])) << 16) | |
692 | | ((((uint32_t)context->Message_Block[t8 + 2])) << 8) | |
693 | | ((((uint32_t)context->Message_Block[t8 + 3]))); |
694 | | W[t2++] = ((((uint32_t)context->Message_Block[t8 + 4])) << 24) | |
695 | | ((((uint32_t)context->Message_Block[t8 + 5])) << 16) | |
696 | | ((((uint32_t)context->Message_Block[t8 + 6])) << 8) | |
697 | | ((((uint32_t)context->Message_Block[t8 + 7]))); |
698 | | } |
699 | | |
700 | | for (t = 16; t < 80; t++, t2 += 2) { |
701 | | /* W[t] = SHA512_sigma1(W[t-2]) + W[t-7] + |
702 | | SHA512_sigma0(W[t-15]) + W[t-16]; */ |
703 | | uint32_t *Wt2 = &W[t2-2*2]; |
704 | | uint32_t *Wt7 = &W[t2-7*2]; |
705 | | uint32_t *Wt15 = &W[t2-15*2]; |
706 | | uint32_t *Wt16 = &W[t2-16*2]; |
707 | | SHA512_sigma1(Wt2, temp1); |
708 | | SHA512_ADD(temp1, Wt7, temp2); |
709 | | SHA512_sigma0(Wt15, temp1); |
710 | | SHA512_ADD(temp1, Wt16, temp3); |
711 | | SHA512_ADD(temp2, temp3, &W[t2]); |
712 | | } |
713 | | |
714 | | A[0] = context->Intermediate_Hash[0]; |
715 | | A[1] = context->Intermediate_Hash[1]; |
716 | | B[0] = context->Intermediate_Hash[2]; |
717 | | B[1] = context->Intermediate_Hash[3]; |
718 | | C[0] = context->Intermediate_Hash[4]; |
719 | | C[1] = context->Intermediate_Hash[5]; |
720 | | D[0] = context->Intermediate_Hash[6]; |
721 | | D[1] = context->Intermediate_Hash[7]; |
722 | | E[0] = context->Intermediate_Hash[8]; |
723 | | E[1] = context->Intermediate_Hash[9]; |
724 | | F[0] = context->Intermediate_Hash[10]; |
725 | | F[1] = context->Intermediate_Hash[11]; |
726 | | G[0] = context->Intermediate_Hash[12]; |
727 | | G[1] = context->Intermediate_Hash[13]; |
728 | | H[0] = context->Intermediate_Hash[14]; |
729 | | H[1] = context->Intermediate_Hash[15]; |
730 | | |
731 | | for (t = t2 = 0; t < 80; t++, t2 += 2) { |
732 | | /* |
733 | | * temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t]; |
734 | | */ |
735 | | SHA512_SIGMA1(E,temp1); |
736 | | SHA512_ADD(H, temp1, temp2); |
737 | | SHA_Ch(E,F,G,temp3); |
738 | | SHA512_ADD(temp2, temp3, temp4); |
739 | | SHA512_ADD(&K[t2], &W[t2], temp5); |
740 | | SHA512_ADD(temp4, temp5, temp1); |
741 | | /* |
742 | | * temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C); |
743 | | */ |
744 | | SHA512_SIGMA0(A,temp3); |
745 | | SHA_Maj(A,B,C,temp4); |
746 | | SHA512_ADD(temp3, temp4, temp2); |
747 | | H[0] = G[0]; H[1] = G[1]; |
748 | | G[0] = F[0]; G[1] = F[1]; |
749 | | F[0] = E[0]; F[1] = E[1]; |
750 | | SHA512_ADD(D, temp1, E); |
751 | | D[0] = C[0]; D[1] = C[1]; |
752 | | C[0] = B[0]; C[1] = B[1]; |
753 | | B[0] = A[0]; B[1] = A[1]; |
754 | | SHA512_ADD(temp1, temp2, A); |
755 | | } |
756 | | |
757 | | SHA512_ADDTO2(&context->Intermediate_Hash[0], A); |
758 | | SHA512_ADDTO2(&context->Intermediate_Hash[2], B); |
759 | | SHA512_ADDTO2(&context->Intermediate_Hash[4], C); |
760 | | SHA512_ADDTO2(&context->Intermediate_Hash[6], D); |
761 | | SHA512_ADDTO2(&context->Intermediate_Hash[8], E); |
762 | | SHA512_ADDTO2(&context->Intermediate_Hash[10], F); |
763 | | SHA512_ADDTO2(&context->Intermediate_Hash[12], G); |
764 | | SHA512_ADDTO2(&context->Intermediate_Hash[14], H); |
765 | | |
766 | | #else /* !USE_32BIT_ONLY */ |
767 | | /* Constants defined in FIPS 180-3, section 4.2.3 */ |
768 | 0 | static const uint64_t K[80] = { |
769 | 0 | 0x428A2F98D728AE22ull, 0x7137449123EF65CDull, 0xB5C0FBCFEC4D3B2Full, |
770 | 0 | 0xE9B5DBA58189DBBCull, 0x3956C25BF348B538ull, 0x59F111F1B605D019ull, |
771 | 0 | 0x923F82A4AF194F9Bull, 0xAB1C5ED5DA6D8118ull, 0xD807AA98A3030242ull, |
772 | 0 | 0x12835B0145706FBEull, 0x243185BE4EE4B28Cull, 0x550C7DC3D5FFB4E2ull, |
773 | 0 | 0x72BE5D74F27B896Full, 0x80DEB1FE3B1696B1ull, 0x9BDC06A725C71235ull, |
774 | 0 | 0xC19BF174CF692694ull, 0xE49B69C19EF14AD2ull, 0xEFBE4786384F25E3ull, |
775 | 0 | 0x0FC19DC68B8CD5B5ull, 0x240CA1CC77AC9C65ull, 0x2DE92C6F592B0275ull, |
776 | 0 | 0x4A7484AA6EA6E483ull, 0x5CB0A9DCBD41FBD4ull, 0x76F988DA831153B5ull, |
777 | 0 | 0x983E5152EE66DFABull, 0xA831C66D2DB43210ull, 0xB00327C898FB213Full, |
778 | 0 | 0xBF597FC7BEEF0EE4ull, 0xC6E00BF33DA88FC2ull, 0xD5A79147930AA725ull, |
779 | 0 | 0x06CA6351E003826Full, 0x142929670A0E6E70ull, 0x27B70A8546D22FFCull, |
780 | 0 | 0x2E1B21385C26C926ull, 0x4D2C6DFC5AC42AEDull, 0x53380D139D95B3DFull, |
781 | 0 | 0x650A73548BAF63DEull, 0x766A0ABB3C77B2A8ull, 0x81C2C92E47EDAEE6ull, |
782 | 0 | 0x92722C851482353Bull, 0xA2BFE8A14CF10364ull, 0xA81A664BBC423001ull, |
783 | 0 | 0xC24B8B70D0F89791ull, 0xC76C51A30654BE30ull, 0xD192E819D6EF5218ull, |
784 | 0 | 0xD69906245565A910ull, 0xF40E35855771202Aull, 0x106AA07032BBD1B8ull, |
785 | 0 | 0x19A4C116B8D2D0C8ull, 0x1E376C085141AB53ull, 0x2748774CDF8EEB99ull, |
786 | 0 | 0x34B0BCB5E19B48A8ull, 0x391C0CB3C5C95A63ull, 0x4ED8AA4AE3418ACBull, |
787 | 0 | 0x5B9CCA4F7763E373ull, 0x682E6FF3D6B2B8A3ull, 0x748F82EE5DEFB2FCull, |
788 | 0 | 0x78A5636F43172F60ull, 0x84C87814A1F0AB72ull, 0x8CC702081A6439ECull, |
789 | 0 | 0x90BEFFFA23631E28ull, 0xA4506CEBDE82BDE9ull, 0xBEF9A3F7B2C67915ull, |
790 | 0 | 0xC67178F2E372532Bull, 0xCA273ECEEA26619Cull, 0xD186B8C721C0C207ull, |
791 | 0 | 0xEADA7DD6CDE0EB1Eull, 0xF57D4F7FEE6ED178ull, 0x06F067AA72176FBAull, |
792 | 0 | 0x0A637DC5A2C898A6ull, 0x113F9804BEF90DAEull, 0x1B710B35131C471Bull, |
793 | 0 | 0x28DB77F523047D84ull, 0x32CAAB7B40C72493ull, 0x3C9EBE0A15C9BEBCull, |
794 | 0 | 0x431D67C49C100D4Cull, 0x4CC5D4BECB3E42B6ull, 0x597F299CFC657E2Aull, |
795 | 0 | 0x5FCB6FAB3AD6FAECull, 0x6C44198C4A475817ull |
796 | 0 | }; |
797 | 0 | int t, t8; /* Loop counter */ |
798 | 0 | uint64_t temp1, temp2; /* Temporary word value */ |
799 | 0 | uint64_t W[80]; /* Word sequence */ |
800 | 0 | uint64_t A, B, C, D, E, F, G, H; /* Word buffers */ |
801 | | |
802 | | /* |
803 | | * Initialize the first 16 words in the array W |
804 | | */ |
805 | 0 | for (t = t8 = 0; t < 16; t++, t8 += 8) |
806 | 0 | W[t] = ((uint64_t)(context->Message_Block[t8 ]) << 56) | |
807 | 0 | ((uint64_t)(context->Message_Block[t8 + 1]) << 48) | |
808 | 0 | ((uint64_t)(context->Message_Block[t8 + 2]) << 40) | |
809 | 0 | ((uint64_t)(context->Message_Block[t8 + 3]) << 32) | |
810 | 0 | ((uint64_t)(context->Message_Block[t8 + 4]) << 24) | |
811 | 0 | ((uint64_t)(context->Message_Block[t8 + 5]) << 16) | |
812 | 0 | ((uint64_t)(context->Message_Block[t8 + 6]) << 8) | |
813 | 0 | ((uint64_t)(context->Message_Block[t8 + 7])); |
814 | |
|
815 | 0 | for (t = 16; t < 80; t++) |
816 | 0 | W[t] = SHA512_sigma1(W[t-2]) + W[t-7] + |
817 | 0 | SHA512_sigma0(W[t-15]) + W[t-16]; |
818 | 0 | A = context->Intermediate_Hash[0]; |
819 | 0 | B = context->Intermediate_Hash[1]; |
820 | 0 | C = context->Intermediate_Hash[2]; |
821 | 0 | D = context->Intermediate_Hash[3]; |
822 | 0 | E = context->Intermediate_Hash[4]; |
823 | 0 | F = context->Intermediate_Hash[5]; |
824 | 0 | G = context->Intermediate_Hash[6]; |
825 | 0 | H = context->Intermediate_Hash[7]; |
826 | |
|
827 | 0 | for (t = 0; t < 80; t++) { |
828 | 0 | temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t]; |
829 | 0 | temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C); |
830 | 0 | H = G; |
831 | 0 | G = F; |
832 | 0 | F = E; |
833 | 0 | E = D + temp1; |
834 | 0 | D = C; |
835 | 0 | C = B; |
836 | 0 | B = A; |
837 | 0 | A = temp1 + temp2; |
838 | 0 | } |
839 | |
|
840 | 0 | context->Intermediate_Hash[0] += A; |
841 | 0 | context->Intermediate_Hash[1] += B; |
842 | 0 | context->Intermediate_Hash[2] += C; |
843 | 0 | context->Intermediate_Hash[3] += D; |
844 | 0 | context->Intermediate_Hash[4] += E; |
845 | 0 | context->Intermediate_Hash[5] += F; |
846 | 0 | context->Intermediate_Hash[6] += G; |
847 | 0 | context->Intermediate_Hash[7] += H; |
848 | 0 | #endif /* USE_32BIT_ONLY */ |
849 | |
|
850 | 0 | context->Message_Block_Index = 0; |
851 | 0 | } |
852 | | |
853 | | /* |
854 | | * SHA384_512Finalize |
855 | | * |
856 | | * Description: |
857 | | * This helper function finishes off the digest calculations. |
858 | | * |
859 | | * Parameters: |
860 | | * context: [in/out] |
861 | | * The SHA context to update. |
862 | | * Pad_Byte: [in] |
863 | | * The last byte to add to the message block before the 0-padding |
864 | | * and length. This will contain the last bits of the message |
865 | | * followed by another single bit. If the message was an |
866 | | * exact multiple of 8-bits long, Pad_Byte will be 0x80. |
867 | | * |
868 | | * Returns: |
869 | | * sha Error Code. |
870 | | * |
871 | | */ |
872 | | static void SHA384_512Finalize(SHA512Context *context, |
873 | | uint8_t Pad_Byte) |
874 | 0 | { |
875 | 0 | int_least16_t i; |
876 | 0 | SHA384_512PadMessage(context, Pad_Byte); |
877 | | /* message may be sensitive, clear it out */ |
878 | 0 | for (i = 0; i < SHA512_Message_Block_Size; ++i) |
879 | 0 | context->Message_Block[i] = 0; |
880 | | #ifdef USE_32BIT_ONLY /* and clear length */ |
881 | | context->Length[0] = context->Length[1] = 0; |
882 | | context->Length[2] = context->Length[3] = 0; |
883 | | #else /* !USE_32BIT_ONLY */ |
884 | 0 | context->Length_High = context->Length_Low = 0; |
885 | 0 | #endif /* USE_32BIT_ONLY */ |
886 | 0 | context->Computed = 1; |
887 | 0 | } |
888 | | |
889 | | /* |
890 | | * SHA384_512PadMessage |
891 | | * |
892 | | * Description: |
893 | | * According to the standard, the message must be padded to the next |
894 | | * even multiple of 1024 bits. The first padding bit must be a '1'. |
895 | | * The last 128 bits represent the length of the original message. |
896 | | * All bits in between should be 0. This helper function will |
897 | | * pad the message according to those rules by filling the |
898 | | * Message_Block array accordingly. When it returns, it can be |
899 | | * assumed that the message digest has been computed. |
900 | | * |
901 | | * Parameters: |
902 | | * context: [in/out] |
903 | | * The context to pad. |
904 | | * Pad_Byte: [in] |
905 | | * The last byte to add to the message block before the 0-padding |
906 | | * and length. This will contain the last bits of the message |
907 | | * followed by another single bit. If the message was an |
908 | | * exact multiple of 8-bits long, Pad_Byte will be 0x80. |
909 | | * |
910 | | * Returns: |
911 | | * Nothing. |
912 | | * |
913 | | */ |
914 | | static void SHA384_512PadMessage(SHA512Context *context, |
915 | | uint8_t Pad_Byte) |
916 | 0 | { |
917 | | /* |
918 | | * Check to see if the current message block is too small to hold |
919 | | * the initial padding bits and length. If so, we will pad the |
920 | | * block, process it, and then continue padding into a second |
921 | | * block. |
922 | | */ |
923 | 0 | if (context->Message_Block_Index >= (SHA512_Message_Block_Size-16)) { |
924 | 0 | context->Message_Block[context->Message_Block_Index++] = Pad_Byte; |
925 | 0 | while (context->Message_Block_Index < SHA512_Message_Block_Size) |
926 | 0 | context->Message_Block[context->Message_Block_Index++] = 0; |
927 | |
|
928 | 0 | SHA384_512ProcessMessageBlock(context); |
929 | 0 | } else |
930 | 0 | context->Message_Block[context->Message_Block_Index++] = Pad_Byte; |
931 | |
|
932 | 0 | while (context->Message_Block_Index < (SHA512_Message_Block_Size-16)) |
933 | 0 | context->Message_Block[context->Message_Block_Index++] = 0; |
934 | | |
935 | | /* |
936 | | * Store the message length as the last 16 octets |
937 | | */ |
938 | | #ifdef USE_32BIT_ONLY |
939 | | context->Message_Block[112] = (uint8_t)(context->Length[0] >> 24); |
940 | | context->Message_Block[113] = (uint8_t)(context->Length[0] >> 16); |
941 | | context->Message_Block[114] = (uint8_t)(context->Length[0] >> 8); |
942 | | context->Message_Block[115] = (uint8_t)(context->Length[0]); |
943 | | context->Message_Block[116] = (uint8_t)(context->Length[1] >> 24); |
944 | | context->Message_Block[117] = (uint8_t)(context->Length[1] >> 16); |
945 | | context->Message_Block[118] = (uint8_t)(context->Length[1] >> 8); |
946 | | context->Message_Block[119] = (uint8_t)(context->Length[1]); |
947 | | |
948 | | context->Message_Block[120] = (uint8_t)(context->Length[2] >> 24); |
949 | | context->Message_Block[121] = (uint8_t)(context->Length[2] >> 16); |
950 | | context->Message_Block[122] = (uint8_t)(context->Length[2] >> 8); |
951 | | context->Message_Block[123] = (uint8_t)(context->Length[2]); |
952 | | context->Message_Block[124] = (uint8_t)(context->Length[3] >> 24); |
953 | | context->Message_Block[125] = (uint8_t)(context->Length[3] >> 16); |
954 | | context->Message_Block[126] = (uint8_t)(context->Length[3] >> 8); |
955 | | context->Message_Block[127] = (uint8_t)(context->Length[3]); |
956 | | #else /* !USE_32BIT_ONLY */ |
957 | 0 | context->Message_Block[112] = (uint8_t)(context->Length_High >> 56); |
958 | 0 | context->Message_Block[113] = (uint8_t)(context->Length_High >> 48); |
959 | 0 | context->Message_Block[114] = (uint8_t)(context->Length_High >> 40); |
960 | 0 | context->Message_Block[115] = (uint8_t)(context->Length_High >> 32); |
961 | 0 | context->Message_Block[116] = (uint8_t)(context->Length_High >> 24); |
962 | 0 | context->Message_Block[117] = (uint8_t)(context->Length_High >> 16); |
963 | 0 | context->Message_Block[118] = (uint8_t)(context->Length_High >> 8); |
964 | 0 | context->Message_Block[119] = (uint8_t)(context->Length_High); |
965 | |
|
966 | 0 | context->Message_Block[120] = (uint8_t)(context->Length_Low >> 56); |
967 | 0 | context->Message_Block[121] = (uint8_t)(context->Length_Low >> 48); |
968 | 0 | context->Message_Block[122] = (uint8_t)(context->Length_Low >> 40); |
969 | 0 | context->Message_Block[123] = (uint8_t)(context->Length_Low >> 32); |
970 | 0 | context->Message_Block[124] = (uint8_t)(context->Length_Low >> 24); |
971 | 0 | context->Message_Block[125] = (uint8_t)(context->Length_Low >> 16); |
972 | 0 | context->Message_Block[126] = (uint8_t)(context->Length_Low >> 8); |
973 | 0 | context->Message_Block[127] = (uint8_t)(context->Length_Low); |
974 | 0 | #endif /* USE_32BIT_ONLY */ |
975 | |
|
976 | 0 | SHA384_512ProcessMessageBlock(context); |
977 | 0 | } |
978 | | |
979 | | /* |
980 | | * SHA384_512ResultN |
981 | | * |
982 | | * Description: |
983 | | * This helper function will return the 384-bit or 512-bit message |
984 | | * digest into the Message_Digest array provided by the caller. |
985 | | * NOTE: |
986 | | * The first octet of hash is stored in the element with index 0, |
987 | | * the last octet of hash in the element with index 47/63. |
988 | | * |
989 | | * Parameters: |
990 | | * context: [in/out] |
991 | | * The context to use to calculate the SHA hash. |
992 | | * Message_Digest[ ]: [out] |
993 | | * Where the digest is returned. |
994 | | * HashSize: [in] |
995 | | * The size of the hash, either 48 or 64. |
996 | | * |
997 | | * Returns: |
998 | | * sha Error Code. |
999 | | * |
1000 | | */ |
1001 | | static int SHA384_512ResultN(SHA512Context *context, |
1002 | | uint8_t Message_Digest[ ], int HashSize) |
1003 | 0 | { |
1004 | 0 | int i; |
1005 | | #ifdef USE_32BIT_ONLY |
1006 | | int i2; |
1007 | | #endif /* USE_32BIT_ONLY */ |
1008 | |
|
1009 | 0 | if (!context) return shaNull; |
1010 | 0 | if (!Message_Digest) return shaNull; |
1011 | 0 | if (context->Corrupted) return context->Corrupted; |
1012 | | |
1013 | 0 | if (!context->Computed) |
1014 | 0 | SHA384_512Finalize(context, 0x80); |
1015 | |
|
1016 | | #ifdef USE_32BIT_ONLY |
1017 | | for (i = i2 = 0; i < HashSize; ) { |
1018 | | Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24); |
1019 | | Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16); |
1020 | | Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8); |
1021 | | Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]); |
1022 | | Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24); |
1023 | | Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16); |
1024 | | Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8); |
1025 | | Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]); |
1026 | | } |
1027 | | #else /* !USE_32BIT_ONLY */ |
1028 | 0 | for (i = 0; i < HashSize; ++i) |
1029 | 0 | Message_Digest[i] = (uint8_t) |
1030 | 0 | (context->Intermediate_Hash[i>>3] >> 8 * ( 7 - ( i % 8 ) )); |
1031 | 0 | #endif /* USE_32BIT_ONLY */ |
1032 | |
|
1033 | 0 | return shaSuccess; |
1034 | 0 | } |