/src/php-src/ext/hash/hash_sha.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | +----------------------------------------------------------------------+ |
3 | | | Copyright (c) The PHP Group | |
4 | | +----------------------------------------------------------------------+ |
5 | | | This source file is subject to version 3.01 of the PHP license, | |
6 | | | that is bundled with this package in the file LICENSE, and is | |
7 | | | available through the world-wide-web at the following url: | |
8 | | | https://www.php.net/license/3_01.txt | |
9 | | | If you did not receive a copy of the PHP license and are unable to | |
10 | | | obtain it through the world-wide-web, please send a note to | |
11 | | | license@php.net so we can mail you a copy immediately. | |
12 | | +----------------------------------------------------------------------+ |
13 | | | Authors: Steffan Esser <sesser@php.net> | |
14 | | | Sara Golemon <pollita@php.net> | |
15 | | +----------------------------------------------------------------------+ |
16 | | */ |
17 | | |
18 | | #include "php_hash.h" |
19 | | #include "php_hash_sha.h" |
20 | | #include "Zend/zend_cpuinfo.h" |
21 | | |
22 | | static const unsigned char PADDING[128] = |
23 | | { |
24 | | 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
25 | | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
26 | | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
27 | | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
28 | | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
29 | | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
30 | | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
31 | | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 |
32 | | }; |
33 | | |
34 | | /* {{{ SHAEncode32 |
35 | | Encodes input (uint32_t) into output (unsigned char). Assumes len is |
36 | | a multiple of 4. |
37 | | */ |
38 | | static void SHAEncode32(unsigned char *output, uint32_t *input, unsigned int len) |
39 | 85 | { |
40 | 85 | unsigned int i, j; |
41 | | |
42 | 710 | for (i = 0, j = 0; j < len; i++, j += 4) { |
43 | 625 | output[j] = (unsigned char) ((input[i] >> 24) & 0xff); |
44 | 625 | output[j + 1] = (unsigned char) ((input[i] >> 16) & 0xff); |
45 | 625 | output[j + 2] = (unsigned char) ((input[i] >> 8) & 0xff); |
46 | 625 | output[j + 3] = (unsigned char) (input[i] & 0xff); |
47 | 625 | } |
48 | 85 | } |
49 | | /* }}} */ |
50 | | |
51 | | |
52 | | /* {{{ SHADecode32 |
53 | | Decodes input (unsigned char) into output (uint32_t). Assumes len is |
54 | | a multiple of 4. |
55 | | */ |
56 | | static void SHADecode32(uint32_t *output, const unsigned char *input, unsigned int len) |
57 | 0 | { |
58 | 0 | unsigned int i, j; |
59 | 0 |
|
60 | 0 | for (i = 0, j = 0; j < len; i++, j += 4) |
61 | 0 | output[i] = ((uint32_t) input[j + 3]) | (((uint32_t) input[j + 2]) << 8) | |
62 | 0 | (((uint32_t) input[j + 1]) << 16) | (((uint32_t) input[j]) << 24); |
63 | 0 | } |
64 | | /* }}} */ |
65 | | |
66 | | const php_hash_ops php_hash_sha1_ops = { |
67 | | "sha1", |
68 | | (php_hash_init_func_t) PHP_SHA1InitArgs, |
69 | | (php_hash_update_func_t) PHP_SHA1Update, |
70 | | (php_hash_final_func_t) PHP_SHA1Final, |
71 | | php_hash_copy, |
72 | | php_hash_serialize, |
73 | | php_hash_unserialize, |
74 | | PHP_SHA1_SPEC, |
75 | | 20, |
76 | | 64, |
77 | | sizeof(PHP_SHA1_CTX), |
78 | | 1 |
79 | | }; |
80 | | |
81 | | /* sha224/sha256 */ |
82 | | |
83 | | const php_hash_ops php_hash_sha256_ops = { |
84 | | "sha256", |
85 | | (php_hash_init_func_t) PHP_SHA256InitArgs, |
86 | | (php_hash_update_func_t) PHP_SHA256Update, |
87 | | (php_hash_final_func_t) PHP_SHA256Final, |
88 | | php_hash_copy, |
89 | | php_hash_serialize, |
90 | | php_hash_unserialize, |
91 | | PHP_SHA256_SPEC, |
92 | | 32, |
93 | | 64, |
94 | | sizeof(PHP_SHA256_CTX), |
95 | | 1 |
96 | | }; |
97 | | |
98 | | const php_hash_ops php_hash_sha224_ops = { |
99 | | "sha224", |
100 | | (php_hash_init_func_t) PHP_SHA224InitArgs, |
101 | | (php_hash_update_func_t) PHP_SHA224Update, |
102 | | (php_hash_final_func_t) PHP_SHA224Final, |
103 | | php_hash_copy, |
104 | | php_hash_serialize, |
105 | | php_hash_unserialize, |
106 | | PHP_SHA224_SPEC, |
107 | | 28, |
108 | | 64, |
109 | | sizeof(PHP_SHA224_CTX), |
110 | | 1 |
111 | | }; |
112 | | |
113 | 0 | #define ROTR32(b,x) ((x >> b) | (x << (32 - b))) |
114 | 8.41M | #define ROTR64(b,x) ((x >> b) | (x << (64 - b))) |
115 | 1.46M | #define SHR(b, x) (x >> b) |
116 | | |
117 | | /* Ch */ |
118 | 0 | #define SHA256_F0(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) |
119 | | /* Maj */ |
120 | 0 | #define SHA256_F1(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) |
121 | | /* SUM0 */ |
122 | 0 | #define SHA256_F2(x) (ROTR32( 2,(x)) ^ ROTR32(13,(x)) ^ ROTR32(22,(x))) |
123 | | /* SUM1 */ |
124 | 0 | #define SHA256_F3(x) (ROTR32( 6,(x)) ^ ROTR32(11,(x)) ^ ROTR32(25,(x))) |
125 | | /* OM0 */ |
126 | 0 | #define SHA256_F4(x) (ROTR32( 7,(x)) ^ ROTR32(18,(x)) ^ SHR( 3,(x))) |
127 | | /* OM1 */ |
128 | 0 | #define SHA256_F5(x) (ROTR32(17,(x)) ^ ROTR32(19,(x)) ^ SHR(10,(x))) |
129 | | |
130 | | static const uint32_t SHA256_K[64] = { |
131 | | 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, |
132 | | 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, |
133 | | 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, |
134 | | 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, |
135 | | 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, |
136 | | 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, |
137 | | 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, |
138 | | 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; |
139 | | |
140 | | /* {{{ PHP_SHA256InitArgs |
141 | | * SHA256 initialization. Begins an SHA256 operation, writing a new context. |
142 | | */ |
143 | | PHP_HASH_API void PHP_SHA256InitArgs(PHP_SHA256_CTX * context, ZEND_ATTRIBUTE_UNUSED HashTable *args) |
144 | 30 | { |
145 | 30 | context->count[0] = context->count[1] = 0; |
146 | | /* Load magic initialization constants. |
147 | | */ |
148 | 30 | context->state[0] = 0x6a09e667; |
149 | 30 | context->state[1] = 0xbb67ae85; |
150 | 30 | context->state[2] = 0x3c6ef372; |
151 | 30 | context->state[3] = 0xa54ff53a; |
152 | 30 | context->state[4] = 0x510e527f; |
153 | 30 | context->state[5] = 0x9b05688c; |
154 | 30 | context->state[6] = 0x1f83d9ab; |
155 | 30 | context->state[7] = 0x5be0cd19; |
156 | 30 | } |
157 | | /* }}} */ |
158 | | |
159 | | /* {{{ SHA256Transform |
160 | | * SHA256 basic transformation. Transforms state based on block. |
161 | | */ |
162 | | static void SHA256Transform(uint32_t state[8], const unsigned char block[64]) |
163 | 43.2k | { |
164 | | #if defined(PHP_HASH_INTRIN_SHA_NATIVE) |
165 | | SHA256_Transform_shani(state, block); |
166 | | return; |
167 | | #elif defined(PHP_HASH_INTRIN_SHA_RESOLVER) |
168 | 43.2k | if (zend_cpu_supports(ZEND_CPU_FEATURE_SSSE3) && zend_cpu_supports(ZEND_CPU_FEATURE_SHA)) { |
169 | 43.2k | SHA256_Transform_shani(state, block); |
170 | 43.2k | return; |
171 | 43.2k | } |
172 | 0 | #endif |
173 | | |
174 | 0 | #if defined(__SSE2__) |
175 | 0 | uint32_t tmp32[72]; |
176 | |
|
177 | 0 | SHA256_Transform_sse2(state, block, &tmp32[0], &tmp32[64]); |
178 | 0 | ZEND_SECURE_ZERO((unsigned char*) tmp32, sizeof(tmp32)); |
179 | 0 | return; |
180 | 0 | #endif |
181 | | |
182 | 0 | uint32_t a = state[0], b = state[1], c = state[2], d = state[3]; |
183 | 0 | uint32_t e = state[4], f = state[5], g = state[6], h = state[7]; |
184 | 0 | uint32_t x[16], T1, T2, W[64]; |
185 | 0 | int i; |
186 | |
|
187 | 0 | SHADecode32(x, block, 64); |
188 | | |
189 | | /* Schedule */ |
190 | 0 | for(i = 0; i < 16; i++) { |
191 | 0 | W[i] = x[i]; |
192 | 0 | } |
193 | 0 | for(i = 16; i < 64; i++) { |
194 | 0 | W[i] = SHA256_F5(W[i-2]) + W[i-7] + SHA256_F4(W[i-15]) + W[i-16]; |
195 | 0 | } |
196 | |
|
197 | 0 | for (i = 0; i < 64; i++) { |
198 | 0 | T1 = h + SHA256_F3(e) + SHA256_F0(e,f,g) + SHA256_K[i] + W[i]; |
199 | 0 | T2 = SHA256_F2(a) + SHA256_F1(a,b,c); |
200 | 0 | h = g; g = f; f = e; e = d + T1; |
201 | 0 | d = c; c = b; b = a; a = T1 + T2; |
202 | 0 | } |
203 | |
|
204 | 0 | state[0] += a; |
205 | 0 | state[1] += b; |
206 | 0 | state[2] += c; |
207 | 0 | state[3] += d; |
208 | 0 | state[4] += e; |
209 | 0 | state[5] += f; |
210 | 0 | state[6] += g; |
211 | 0 | state[7] += h; |
212 | | |
213 | | /* Zeroize sensitive information. */ |
214 | 0 | ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x)); |
215 | 0 | } |
216 | | /* }}} */ |
217 | | |
218 | | /* {{{ PHP_SHA224InitArgs |
219 | | * SHA224 initialization. Begins an SHA224 operation, writing a new context. |
220 | | */ |
221 | | PHP_HASH_API void PHP_SHA224InitArgs(PHP_SHA224_CTX * context, ZEND_ATTRIBUTE_UNUSED HashTable *args) |
222 | 56 | { |
223 | 56 | context->count[0] = context->count[1] = 0; |
224 | | /* Load magic initialization constants. |
225 | | */ |
226 | 56 | context->state[0] = 0xc1059ed8; |
227 | 56 | context->state[1] = 0x367cd507; |
228 | 56 | context->state[2] = 0x3070dd17; |
229 | 56 | context->state[3] = 0xf70e5939; |
230 | 56 | context->state[4] = 0xffc00b31; |
231 | 56 | context->state[5] = 0x68581511; |
232 | 56 | context->state[6] = 0x64f98fa7; |
233 | 56 | context->state[7] = 0xbefa4fa4; |
234 | 56 | } |
235 | | /* }}} */ |
236 | | |
237 | | /* {{{ PHP_SHA224Update |
238 | | SHA224 block update operation. Continues an SHA224 message-digest |
239 | | operation, processing another message block, and updating the |
240 | | context. |
241 | | */ |
242 | | PHP_HASH_API void PHP_SHA224Update(PHP_SHA224_CTX * context, const unsigned char *input, size_t inputLen) |
243 | 165 | { |
244 | 165 | unsigned int index, partLen; |
245 | 165 | size_t i; |
246 | | |
247 | | /* Compute number of bytes mod 64 */ |
248 | 165 | index = (unsigned int) ((context->count[0] >> 3) & 0x3F); |
249 | | |
250 | | /* Update number of bits */ |
251 | 165 | if ((context->count[0] += ((uint32_t) inputLen << 3)) < ((uint32_t) inputLen << 3)) { |
252 | 49 | context->count[1]++; |
253 | 49 | } |
254 | 165 | context->count[1] += (uint32_t) (inputLen >> 29); |
255 | | |
256 | 165 | partLen = 64 - index; |
257 | | |
258 | | /* Transform as many times as possible. |
259 | | */ |
260 | 165 | if (inputLen >= partLen) { |
261 | 136 | memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen); |
262 | 136 | SHA256Transform(context->state, context->buffer); |
263 | | |
264 | 21.8k | for (i = partLen; i + 63 < inputLen; i += 64) { |
265 | 21.7k | SHA256Transform(context->state, &input[i]); |
266 | 21.7k | } |
267 | | |
268 | 136 | index = 0; |
269 | 136 | } else { |
270 | 29 | i = 0; |
271 | 29 | } |
272 | | |
273 | | /* Buffer remaining input */ |
274 | 165 | memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i); |
275 | 165 | } |
276 | | /* }}} */ |
277 | | |
278 | | /* {{{ PHP_SHA224Final |
279 | | SHA224 finalization. Ends an SHA224 message-digest operation, writing the |
280 | | the message digest and zeroizing the context. |
281 | | */ |
282 | | PHP_HASH_API void PHP_SHA224Final(unsigned char digest[28], PHP_SHA224_CTX * context) |
283 | 55 | { |
284 | 55 | unsigned char bits[8]; |
285 | 55 | unsigned int index, padLen; |
286 | | |
287 | | /* Save number of bits */ |
288 | 55 | bits[7] = (unsigned char) (context->count[0] & 0xFF); |
289 | 55 | bits[6] = (unsigned char) ((context->count[0] >> 8) & 0xFF); |
290 | 55 | bits[5] = (unsigned char) ((context->count[0] >> 16) & 0xFF); |
291 | 55 | bits[4] = (unsigned char) ((context->count[0] >> 24) & 0xFF); |
292 | 55 | bits[3] = (unsigned char) (context->count[1] & 0xFF); |
293 | 55 | bits[2] = (unsigned char) ((context->count[1] >> 8) & 0xFF); |
294 | 55 | bits[1] = (unsigned char) ((context->count[1] >> 16) & 0xFF); |
295 | 55 | bits[0] = (unsigned char) ((context->count[1] >> 24) & 0xFF); |
296 | | |
297 | | /* Pad out to 56 mod 64. |
298 | | */ |
299 | 55 | index = (unsigned int) ((context->count[0] >> 3) & 0x3f); |
300 | 55 | padLen = (index < 56) ? (56 - index) : (120 - index); |
301 | 55 | PHP_SHA224Update(context, PADDING, padLen); |
302 | | |
303 | | /* Append length (before padding) */ |
304 | 55 | PHP_SHA224Update(context, bits, 8); |
305 | | |
306 | | /* Store state in digest */ |
307 | 55 | SHAEncode32(digest, context->state, 28); |
308 | | |
309 | | /* Zeroize sensitive information. |
310 | | */ |
311 | 55 | ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context)); |
312 | 55 | } |
313 | | /* }}} */ |
314 | | |
315 | | /* {{{ PHP_SHA256Update |
316 | | SHA256 block update operation. Continues an SHA256 message-digest |
317 | | operation, processing another message block, and updating the |
318 | | context. |
319 | | */ |
320 | | PHP_HASH_API void PHP_SHA256Update(PHP_SHA256_CTX * context, const unsigned char *input, size_t inputLen) |
321 | 90 | { |
322 | 90 | unsigned int index, partLen; |
323 | 90 | size_t i; |
324 | | |
325 | | /* Compute number of bytes mod 64 */ |
326 | 90 | index = (unsigned int) ((context->count[0] >> 3) & 0x3F); |
327 | | |
328 | | /* Update number of bits */ |
329 | 90 | if ((context->count[0] += ((uint32_t) inputLen << 3)) < ((uint32_t) inputLen << 3)) { |
330 | 28 | context->count[1]++; |
331 | 28 | } |
332 | 90 | context->count[1] += (uint32_t) (inputLen >> 29); |
333 | | |
334 | 90 | partLen = 64 - index; |
335 | | |
336 | | /* Transform as many times as possible. |
337 | | */ |
338 | 90 | if (inputLen >= partLen) { |
339 | 61 | memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen); |
340 | 61 | SHA256Transform(context->state, context->buffer); |
341 | | |
342 | 21.3k | for (i = partLen; i + 63 < inputLen; i += 64) { |
343 | 21.3k | SHA256Transform(context->state, &input[i]); |
344 | 21.3k | } |
345 | | |
346 | 61 | index = 0; |
347 | 61 | } else { |
348 | 29 | i = 0; |
349 | 29 | } |
350 | | |
351 | | /* Buffer remaining input */ |
352 | 90 | memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i); |
353 | 90 | } |
354 | | /* }}} */ |
355 | | |
356 | | /* {{{ PHP_SHA256Final |
357 | | SHA256 finalization. Ends an SHA256 message-digest operation, writing the |
358 | | the message digest and zeroizing the context. |
359 | | */ |
360 | | PHP_HASH_API void PHP_SHA256Final(unsigned char digest[32], PHP_SHA256_CTX * context) |
361 | 30 | { |
362 | 30 | unsigned char bits[8]; |
363 | 30 | unsigned int index, padLen; |
364 | | |
365 | | /* Save number of bits */ |
366 | 30 | bits[7] = (unsigned char) (context->count[0] & 0xFF); |
367 | 30 | bits[6] = (unsigned char) ((context->count[0] >> 8) & 0xFF); |
368 | 30 | bits[5] = (unsigned char) ((context->count[0] >> 16) & 0xFF); |
369 | 30 | bits[4] = (unsigned char) ((context->count[0] >> 24) & 0xFF); |
370 | 30 | bits[3] = (unsigned char) (context->count[1] & 0xFF); |
371 | 30 | bits[2] = (unsigned char) ((context->count[1] >> 8) & 0xFF); |
372 | 30 | bits[1] = (unsigned char) ((context->count[1] >> 16) & 0xFF); |
373 | 30 | bits[0] = (unsigned char) ((context->count[1] >> 24) & 0xFF); |
374 | | |
375 | | /* Pad out to 56 mod 64. |
376 | | */ |
377 | 30 | index = (unsigned int) ((context->count[0] >> 3) & 0x3f); |
378 | 30 | padLen = (index < 56) ? (56 - index) : (120 - index); |
379 | 30 | PHP_SHA256Update(context, PADDING, padLen); |
380 | | |
381 | | /* Append length (before padding) */ |
382 | 30 | PHP_SHA256Update(context, bits, 8); |
383 | | |
384 | | /* Store state in digest */ |
385 | 30 | SHAEncode32(digest, context->state, 32); |
386 | | |
387 | | /* Zeroize sensitive information. |
388 | | */ |
389 | 30 | ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context)); |
390 | 30 | } |
391 | | /* }}} */ |
392 | | |
393 | | /* sha384/sha512 */ |
394 | | |
395 | | /* Ch */ |
396 | 914k | #define SHA512_F0(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) |
397 | | /* Maj */ |
398 | 914k | #define SHA512_F1(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) |
399 | | /* SUM0 */ |
400 | 914k | #define SHA512_F2(x) (ROTR64(28, x) ^ ROTR64(34, x) ^ ROTR64(39, x)) |
401 | | /* SUM1 */ |
402 | 914k | #define SHA512_F3(x) (ROTR64(14, x) ^ ROTR64(18, x) ^ ROTR64(41, x)) |
403 | | /* OM0 */ |
404 | 731k | #define SHA512_F4(x) (ROTR64( 1, x) ^ ROTR64( 8, x) ^ SHR(7, x)) |
405 | | /* OM1 */ |
406 | 731k | #define SHA512_F5(x) (ROTR64(19, x) ^ ROTR64(61, x) ^ SHR(6, x)) |
407 | | |
408 | | static const uint64_t SHA512_K[128] = { |
409 | | L64(0x428a2f98d728ae22), L64(0x7137449123ef65cd), L64(0xb5c0fbcfec4d3b2f), L64(0xe9b5dba58189dbbc), |
410 | | L64(0x3956c25bf348b538), L64(0x59f111f1b605d019), L64(0x923f82a4af194f9b), L64(0xab1c5ed5da6d8118), |
411 | | L64(0xd807aa98a3030242), L64(0x12835b0145706fbe), L64(0x243185be4ee4b28c), L64(0x550c7dc3d5ffb4e2), |
412 | | L64(0x72be5d74f27b896f), L64(0x80deb1fe3b1696b1), L64(0x9bdc06a725c71235), L64(0xc19bf174cf692694), |
413 | | L64(0xe49b69c19ef14ad2), L64(0xefbe4786384f25e3), L64(0x0fc19dc68b8cd5b5), L64(0x240ca1cc77ac9c65), |
414 | | L64(0x2de92c6f592b0275), L64(0x4a7484aa6ea6e483), L64(0x5cb0a9dcbd41fbd4), L64(0x76f988da831153b5), |
415 | | L64(0x983e5152ee66dfab), L64(0xa831c66d2db43210), L64(0xb00327c898fb213f), L64(0xbf597fc7beef0ee4), |
416 | | L64(0xc6e00bf33da88fc2), L64(0xd5a79147930aa725), L64(0x06ca6351e003826f), L64(0x142929670a0e6e70), |
417 | | L64(0x27b70a8546d22ffc), L64(0x2e1b21385c26c926), L64(0x4d2c6dfc5ac42aed), L64(0x53380d139d95b3df), |
418 | | L64(0x650a73548baf63de), L64(0x766a0abb3c77b2a8), L64(0x81c2c92e47edaee6), L64(0x92722c851482353b), |
419 | | L64(0xa2bfe8a14cf10364), L64(0xa81a664bbc423001), L64(0xc24b8b70d0f89791), L64(0xc76c51a30654be30), |
420 | | L64(0xd192e819d6ef5218), L64(0xd69906245565a910), L64(0xf40e35855771202a), L64(0x106aa07032bbd1b8), |
421 | | L64(0x19a4c116b8d2d0c8), L64(0x1e376c085141ab53), L64(0x2748774cdf8eeb99), L64(0x34b0bcb5e19b48a8), |
422 | | L64(0x391c0cb3c5c95a63), L64(0x4ed8aa4ae3418acb), L64(0x5b9cca4f7763e373), L64(0x682e6ff3d6b2b8a3), |
423 | | L64(0x748f82ee5defb2fc), L64(0x78a5636f43172f60), L64(0x84c87814a1f0ab72), L64(0x8cc702081a6439ec), |
424 | | L64(0x90befffa23631e28), L64(0xa4506cebde82bde9), L64(0xbef9a3f7b2c67915), L64(0xc67178f2e372532b), |
425 | | L64(0xca273eceea26619c), L64(0xd186b8c721c0c207), L64(0xeada7dd6cde0eb1e), L64(0xf57d4f7fee6ed178), |
426 | | L64(0x06f067aa72176fba), L64(0x0a637dc5a2c898a6), L64(0x113f9804bef90dae), L64(0x1b710b35131c471b), |
427 | | L64(0x28db77f523047d84), L64(0x32caab7b40c72493), L64(0x3c9ebe0a15c9bebc), L64(0x431d67c49c100d4c), |
428 | | L64(0x4cc5d4becb3e42b6), L64(0x597f299cfc657e2a), L64(0x5fcb6fab3ad6faec), L64(0x6c44198c4a475817) }; |
429 | | |
430 | | /* {{{ SHAEncode64 |
431 | | Encodes input (uint64_t) into output (unsigned char). Assumes len is |
432 | | a multiple of 8. |
433 | | */ |
434 | | static void SHAEncode64(unsigned char *output, uint64_t *input, unsigned int len) |
435 | 311 | { |
436 | 311 | unsigned int i, j; |
437 | | |
438 | 2.52k | for (i = 0, j = 0; j < len; i++, j += 8) { |
439 | 2.21k | output[j] = (unsigned char) ((input[i] >> 56) & 0xff); |
440 | 2.21k | output[j + 1] = (unsigned char) ((input[i] >> 48) & 0xff); |
441 | 2.21k | output[j + 2] = (unsigned char) ((input[i] >> 40) & 0xff); |
442 | 2.21k | output[j + 3] = (unsigned char) ((input[i] >> 32) & 0xff); |
443 | 2.21k | output[j + 4] = (unsigned char) ((input[i] >> 24) & 0xff); |
444 | 2.21k | output[j + 5] = (unsigned char) ((input[i] >> 16) & 0xff); |
445 | 2.21k | output[j + 6] = (unsigned char) ((input[i] >> 8) & 0xff); |
446 | 2.21k | output[j + 7] = (unsigned char) (input[i] & 0xff); |
447 | 2.21k | } |
448 | 311 | } |
449 | | /* }}} */ |
450 | | |
451 | | |
452 | | /* {{{ SHADecode64 |
453 | | Decodes input (unsigned char) into output (uint64_t). Assumes len is |
454 | | a multiple of 8. |
455 | | */ |
456 | | static void SHADecode64(uint64_t *output, const unsigned char *input, unsigned int len) |
457 | 11.4k | { |
458 | 11.4k | unsigned int i, j; |
459 | | |
460 | 194k | for (i = 0, j = 0; j < len; i++, j += 8) |
461 | 182k | output[i] = |
462 | 182k | ((uint64_t) input[j + 7]) | (((uint64_t) input[j + 6]) << 8) | |
463 | 182k | (((uint64_t) input[j + 5]) << 16) | (((uint64_t) input[j + 4]) << 24) | |
464 | 182k | (((uint64_t) input[j + 3]) << 32) | (((uint64_t) input[j + 2]) << 40) | |
465 | 182k | (((uint64_t) input[j + 1]) << 48) | (((uint64_t) input[j]) << 56); |
466 | 11.4k | } |
467 | | /* }}} */ |
468 | | |
469 | | /* {{{ PHP_SHA384InitArgs |
470 | | * SHA384 initialization. Begins an SHA384 operation, writing a new context. |
471 | | */ |
472 | | PHP_HASH_API void PHP_SHA384InitArgs(PHP_SHA384_CTX * context, ZEND_ATTRIBUTE_UNUSED HashTable *args) |
473 | 139 | { |
474 | 139 | context->count[0] = context->count[1] = 0; |
475 | | /* Load magic initialization constants. |
476 | | */ |
477 | 139 | context->state[0] = L64(0xcbbb9d5dc1059ed8); |
478 | 139 | context->state[1] = L64(0x629a292a367cd507); |
479 | 139 | context->state[2] = L64(0x9159015a3070dd17); |
480 | 139 | context->state[3] = L64(0x152fecd8f70e5939); |
481 | 139 | context->state[4] = L64(0x67332667ffc00b31); |
482 | 139 | context->state[5] = L64(0x8eb44a8768581511); |
483 | 139 | context->state[6] = L64(0xdb0c2e0d64f98fa7); |
484 | 139 | context->state[7] = L64(0x47b5481dbefa4fa4); |
485 | 139 | } |
486 | | /* }}} */ |
487 | | |
488 | | /* {{{ SHA512Transform |
489 | | * SHA512 basic transformation. Transforms state based on block. |
490 | | * SHA384 uses the exact same algorithm |
491 | | */ |
492 | | static void SHA512Transform(uint64_t state[8], const unsigned char block[128]) |
493 | 11.4k | { |
494 | 11.4k | uint64_t a = state[0], b = state[1], c = state[2], d = state[3]; |
495 | 11.4k | uint64_t e = state[4], f = state[5], g = state[6], h = state[7]; |
496 | 11.4k | uint64_t x[16], T1, T2, W[80]; |
497 | 11.4k | int i; |
498 | | |
499 | 11.4k | SHADecode64(x, block, 128); |
500 | | |
501 | | /* Schedule */ |
502 | 194k | for(i = 0; i < 16; i++) { |
503 | 182k | W[i] = x[i]; |
504 | 182k | } |
505 | 742k | for(i = 16; i < 80; i++) { |
506 | 731k | W[i] = SHA512_F5(W[i-2]) + W[i-7] + SHA512_F4(W[i-15]) + W[i-16]; |
507 | 731k | } |
508 | | |
509 | 925k | for (i = 0; i < 80; i++) { |
510 | 914k | T1 = h + SHA512_F3(e) + SHA512_F0(e,f,g) + SHA512_K[i] + W[i]; |
511 | 914k | T2 = SHA512_F2(a) + SHA512_F1(a,b,c); |
512 | 914k | h = g; g = f; f = e; e = d + T1; |
513 | 914k | d = c; c = b; b = a; a = T1 + T2; |
514 | 914k | } |
515 | | |
516 | 11.4k | state[0] += a; |
517 | 11.4k | state[1] += b; |
518 | 11.4k | state[2] += c; |
519 | 11.4k | state[3] += d; |
520 | 11.4k | state[4] += e; |
521 | 11.4k | state[5] += f; |
522 | 11.4k | state[6] += g; |
523 | 11.4k | state[7] += h; |
524 | | |
525 | | /* Zeroize sensitive information. */ |
526 | 11.4k | ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x)); |
527 | 11.4k | } |
528 | | /* }}} */ |
529 | | |
530 | | /* {{{ PHP_SHA384Update |
531 | | SHA384 block update operation. Continues an SHA384 message-digest |
532 | | operation, processing another message block, and updating the |
533 | | context. |
534 | | */ |
535 | | PHP_HASH_API void PHP_SHA384Update(PHP_SHA384_CTX * context, const unsigned char *input, size_t inputLen) |
536 | 417 | { |
537 | 417 | unsigned int index, partLen; |
538 | 417 | size_t i = 0; |
539 | | |
540 | | /* Compute number of bytes mod 128 */ |
541 | 417 | index = (unsigned int) ((context->count[0] >> 3) & 0x7F); |
542 | | |
543 | | /* Update number of bits */ |
544 | 417 | if ((context->count[0] += ((uint64_t) inputLen << 3)) < ((uint64_t) inputLen << 3)) { |
545 | 9 | context->count[1]++; |
546 | 9 | } |
547 | | /* The cast may seem unnecessary, but on 32-bit this makes sure the result is 0 without invoking undefined behaviour. */ |
548 | 417 | context->count[1] += (uint64_t) inputLen >> 61; |
549 | | |
550 | 417 | partLen = 128 - index; |
551 | | |
552 | | /* Transform as many times as possible. |
553 | | */ |
554 | 417 | if (inputLen >= partLen) { |
555 | 203 | memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen); |
556 | 203 | SHA512Transform(context->state, context->buffer); |
557 | | |
558 | 410 | for (i = partLen; i + 127 < inputLen; i += 128) { |
559 | 207 | SHA512Transform(context->state, &input[i]); |
560 | 207 | } |
561 | | |
562 | 203 | index = 0; |
563 | 203 | } |
564 | | |
565 | | /* Buffer remaining input */ |
566 | 417 | memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i); |
567 | 417 | } |
568 | | /* }}} */ |
569 | | |
570 | | /* {{{ PHP_SHA384Final |
571 | | SHA384 finalization. Ends an SHA384 message-digest operation, writing the |
572 | | the message digest and zeroizing the context. |
573 | | */ |
574 | | PHP_HASH_API void PHP_SHA384Final(unsigned char digest[48], PHP_SHA384_CTX * context) |
575 | 139 | { |
576 | 139 | unsigned char bits[16]; |
577 | 139 | unsigned int index, padLen; |
578 | | |
579 | | /* Save number of bits */ |
580 | 139 | bits[15] = (unsigned char) (context->count[0] & 0xFF); |
581 | 139 | bits[14] = (unsigned char) ((context->count[0] >> 8) & 0xFF); |
582 | 139 | bits[13] = (unsigned char) ((context->count[0] >> 16) & 0xFF); |
583 | 139 | bits[12] = (unsigned char) ((context->count[0] >> 24) & 0xFF); |
584 | 139 | bits[11] = (unsigned char) ((context->count[0] >> 32) & 0xFF); |
585 | 139 | bits[10] = (unsigned char) ((context->count[0] >> 40) & 0xFF); |
586 | 139 | bits[9] = (unsigned char) ((context->count[0] >> 48) & 0xFF); |
587 | 139 | bits[8] = (unsigned char) ((context->count[0] >> 56) & 0xFF); |
588 | 139 | bits[7] = (unsigned char) (context->count[1] & 0xFF); |
589 | 139 | bits[6] = (unsigned char) ((context->count[1] >> 8) & 0xFF); |
590 | 139 | bits[5] = (unsigned char) ((context->count[1] >> 16) & 0xFF); |
591 | 139 | bits[4] = (unsigned char) ((context->count[1] >> 24) & 0xFF); |
592 | 139 | bits[3] = (unsigned char) ((context->count[1] >> 32) & 0xFF); |
593 | 139 | bits[2] = (unsigned char) ((context->count[1] >> 40) & 0xFF); |
594 | 139 | bits[1] = (unsigned char) ((context->count[1] >> 48) & 0xFF); |
595 | 139 | bits[0] = (unsigned char) ((context->count[1] >> 56) & 0xFF); |
596 | | |
597 | | /* Pad out to 112 mod 128. |
598 | | */ |
599 | 139 | index = (unsigned int) ((context->count[0] >> 3) & 0x7f); |
600 | 139 | padLen = (index < 112) ? (112 - index) : (240 - index); |
601 | 139 | PHP_SHA384Update(context, PADDING, padLen); |
602 | | |
603 | | /* Append length (before padding) */ |
604 | 139 | PHP_SHA384Update(context, bits, 16); |
605 | | |
606 | | /* Store state in digest */ |
607 | 139 | SHAEncode64(digest, context->state, 48); |
608 | | |
609 | | /* Zeroize sensitive information. |
610 | | */ |
611 | 139 | ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context)); |
612 | 139 | } |
613 | | /* }}} */ |
614 | | |
615 | | const php_hash_ops php_hash_sha384_ops = { |
616 | | "sha384", |
617 | | (php_hash_init_func_t) PHP_SHA384InitArgs, |
618 | | (php_hash_update_func_t) PHP_SHA384Update, |
619 | | (php_hash_final_func_t) PHP_SHA384Final, |
620 | | php_hash_copy, |
621 | | php_hash_serialize, |
622 | | php_hash_unserialize, |
623 | | PHP_SHA384_SPEC, |
624 | | 48, |
625 | | 128, |
626 | | sizeof(PHP_SHA384_CTX), |
627 | | 1 |
628 | | }; |
629 | | |
630 | | /* {{{ PHP_SHA512InitArgs |
631 | | * SHA512 initialization. Begins an SHA512 operation, writing a new context. |
632 | | */ |
633 | | PHP_HASH_API void PHP_SHA512InitArgs(PHP_SHA512_CTX * context, ZEND_ATTRIBUTE_UNUSED HashTable *args) |
634 | 171 | { |
635 | 171 | context->count[0] = context->count[1] = 0; |
636 | | /* Load magic initialization constants. |
637 | | */ |
638 | 171 | context->state[0] = L64(0x6a09e667f3bcc908); |
639 | 171 | context->state[1] = L64(0xbb67ae8584caa73b); |
640 | 171 | context->state[2] = L64(0x3c6ef372fe94f82b); |
641 | 171 | context->state[3] = L64(0xa54ff53a5f1d36f1); |
642 | 171 | context->state[4] = L64(0x510e527fade682d1); |
643 | 171 | context->state[5] = L64(0x9b05688c2b3e6c1f); |
644 | 171 | context->state[6] = L64(0x1f83d9abfb41bd6b); |
645 | 171 | context->state[7] = L64(0x5be0cd19137e2179); |
646 | 171 | } |
647 | | /* }}} */ |
648 | | |
649 | | /* {{{ PHP_SHA512_256InitArgs |
650 | | * SHA512/245 initialization. Identical algorithm to SHA512, using alternate initval and truncation |
651 | | */ |
652 | | PHP_HASH_API void PHP_SHA512_256InitArgs(PHP_SHA512_CTX * context, ZEND_ATTRIBUTE_UNUSED HashTable *args) |
653 | 1 | { |
654 | 1 | context->count[0] = context->count[1] = 0; |
655 | | |
656 | 1 | context->state[0] = L64(0x22312194FC2BF72C); |
657 | 1 | context->state[1] = L64(0x9F555FA3C84C64C2); |
658 | 1 | context->state[2] = L64(0x2393B86B6F53B151); |
659 | 1 | context->state[3] = L64(0x963877195940EABD); |
660 | 1 | context->state[4] = L64(0x96283EE2A88EFFE3); |
661 | 1 | context->state[5] = L64(0xBE5E1E2553863992); |
662 | 1 | context->state[6] = L64(0x2B0199FC2C85B8AA); |
663 | 1 | context->state[7] = L64(0x0EB72DDC81C52CA2); |
664 | 1 | } |
665 | | /* }}} */ |
666 | | |
667 | | /* {{{ PHP_SHA512_224InitArgs |
668 | | * SHA512/224 initialization. Identical algorithm to SHA512, using alternate initval and truncation |
669 | | */ |
670 | | PHP_HASH_API void PHP_SHA512_224InitArgs(PHP_SHA512_CTX * context, ZEND_ATTRIBUTE_UNUSED HashTable *args) |
671 | 1 | { |
672 | 1 | context->count[0] = context->count[1] = 0; |
673 | | |
674 | 1 | context->state[0] = L64(0x8C3D37C819544DA2); |
675 | 1 | context->state[1] = L64(0x73E1996689DCD4D6); |
676 | 1 | context->state[2] = L64(0x1DFAB7AE32FF9C82); |
677 | 1 | context->state[3] = L64(0x679DD514582F9FCF); |
678 | 1 | context->state[4] = L64(0x0F6D2B697BD44DA8); |
679 | 1 | context->state[5] = L64(0x77E36F7304C48942); |
680 | 1 | context->state[6] = L64(0x3F9D85A86A1D36C8); |
681 | 1 | context->state[7] = L64(0x1112E6AD91D692A1); |
682 | 1 | } |
683 | | /* }}} */ |
684 | | |
685 | | /* {{{ PHP_SHA512Update |
686 | | SHA512 block update operation. Continues an SHA512 message-digest |
687 | | operation, processing another message block, and updating the |
688 | | context. |
689 | | */ |
690 | | PHP_HASH_API void PHP_SHA512Update(PHP_SHA512_CTX * context, const unsigned char *input, size_t inputLen) |
691 | 516 | { |
692 | 516 | unsigned int index, partLen; |
693 | 516 | size_t i; |
694 | | |
695 | | /* Compute number of bytes mod 128 */ |
696 | 516 | index = (unsigned int) ((context->count[0] >> 3) & 0x7F); |
697 | | |
698 | | /* Update number of bits */ |
699 | 516 | if ((context->count[0] += ((uint64_t) inputLen << 3)) < ((uint64_t) inputLen << 3)) { |
700 | 16 | context->count[1]++; |
701 | 16 | } |
702 | | /* The cast may seem unnecessary, but on 32-bit this makes sure the result is 0 without invoking undefined behaviour. */ |
703 | 516 | context->count[1] += (uint64_t) inputLen >> 61; |
704 | | |
705 | 516 | partLen = 128 - index; |
706 | | |
707 | | /* Transform as many times as possible. |
708 | | */ |
709 | 516 | if (inputLen >= partLen) { |
710 | 297 | memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen); |
711 | 297 | SHA512Transform(context->state, context->buffer); |
712 | | |
713 | 11.0k | for (i = partLen; i + 127 < inputLen; i += 128) { |
714 | 10.7k | SHA512Transform(context->state, &input[i]); |
715 | 10.7k | } |
716 | | |
717 | 297 | index = 0; |
718 | 297 | } else { |
719 | 219 | i = 0; |
720 | 219 | } |
721 | | |
722 | | /* Buffer remaining input */ |
723 | 516 | memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i); |
724 | 516 | } |
725 | | /* }}} */ |
726 | | |
727 | | /* {{{ PHP_SHA512Final |
728 | | SHA512 finalization. Ends an SHA512 message-digest operation, writing the |
729 | | the message digest and zeroizing the context. |
730 | | */ |
731 | | PHP_HASH_API void PHP_SHA512Final(unsigned char digest[64], PHP_SHA512_CTX * context) |
732 | 172 | { |
733 | 172 | unsigned char bits[16]; |
734 | 172 | unsigned int index, padLen; |
735 | | |
736 | | /* Save number of bits */ |
737 | 172 | bits[15] = (unsigned char) (context->count[0] & 0xFF); |
738 | 172 | bits[14] = (unsigned char) ((context->count[0] >> 8) & 0xFF); |
739 | 172 | bits[13] = (unsigned char) ((context->count[0] >> 16) & 0xFF); |
740 | 172 | bits[12] = (unsigned char) ((context->count[0] >> 24) & 0xFF); |
741 | 172 | bits[11] = (unsigned char) ((context->count[0] >> 32) & 0xFF); |
742 | 172 | bits[10] = (unsigned char) ((context->count[0] >> 40) & 0xFF); |
743 | 172 | bits[9] = (unsigned char) ((context->count[0] >> 48) & 0xFF); |
744 | 172 | bits[8] = (unsigned char) ((context->count[0] >> 56) & 0xFF); |
745 | 172 | bits[7] = (unsigned char) (context->count[1] & 0xFF); |
746 | 172 | bits[6] = (unsigned char) ((context->count[1] >> 8) & 0xFF); |
747 | 172 | bits[5] = (unsigned char) ((context->count[1] >> 16) & 0xFF); |
748 | 172 | bits[4] = (unsigned char) ((context->count[1] >> 24) & 0xFF); |
749 | 172 | bits[3] = (unsigned char) ((context->count[1] >> 32) & 0xFF); |
750 | 172 | bits[2] = (unsigned char) ((context->count[1] >> 40) & 0xFF); |
751 | 172 | bits[1] = (unsigned char) ((context->count[1] >> 48) & 0xFF); |
752 | 172 | bits[0] = (unsigned char) ((context->count[1] >> 56) & 0xFF); |
753 | | |
754 | | /* Pad out to 112 mod 128. |
755 | | */ |
756 | 172 | index = (unsigned int) ((context->count[0] >> 3) & 0x7f); |
757 | 172 | padLen = (index < 112) ? (112 - index) : (240 - index); |
758 | 172 | PHP_SHA512Update(context, PADDING, padLen); |
759 | | |
760 | | /* Append length (before padding) */ |
761 | 172 | PHP_SHA512Update(context, bits, 16); |
762 | | |
763 | | /* Store state in digest */ |
764 | 172 | SHAEncode64(digest, context->state, 64); |
765 | | |
766 | | /* Zeroize sensitive information. |
767 | | */ |
768 | 172 | ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context)); |
769 | 172 | } |
770 | | /* }}} */ |
771 | | |
772 | | /* {{{ PHP_SHA512_256Final |
773 | | SHA512/256 finalization. Identical to SHA512Final, but with truncation |
774 | | */ |
775 | | PHP_HASH_API void PHP_SHA512_256Final(unsigned char digest[32], PHP_SHA512_CTX * context) |
776 | 1 | { |
777 | 1 | unsigned char full_digest[64]; |
778 | 1 | PHP_SHA512Final(full_digest, context); |
779 | 1 | memcpy(digest, full_digest, 32); |
780 | 1 | } |
781 | | /* }}} */ |
782 | | |
783 | | /* {{{ PHP_SHA512_224Final |
784 | | SHA512/224 finalization. Identical to SHA512Final, but with truncation |
785 | | */ |
786 | | PHP_HASH_API void PHP_SHA512_224Final(unsigned char digest[28], PHP_SHA512_CTX * context) |
787 | 1 | { |
788 | 1 | unsigned char full_digest[64]; |
789 | 1 | PHP_SHA512Final(full_digest, context); |
790 | 1 | memcpy(digest, full_digest, 28); |
791 | 1 | } |
792 | | /* }}} */ |
793 | | |
794 | | const php_hash_ops php_hash_sha512_ops = { |
795 | | "sha512", |
796 | | (php_hash_init_func_t) PHP_SHA512InitArgs, |
797 | | (php_hash_update_func_t) PHP_SHA512Update, |
798 | | (php_hash_final_func_t) PHP_SHA512Final, |
799 | | php_hash_copy, |
800 | | php_hash_serialize, |
801 | | php_hash_unserialize, |
802 | | PHP_SHA512_SPEC, |
803 | | 64, |
804 | | 128, |
805 | | sizeof(PHP_SHA512_CTX), |
806 | | 1 |
807 | | }; |
808 | | |
809 | | const php_hash_ops php_hash_sha512_256_ops = { |
810 | | "sha512/256", |
811 | | (php_hash_init_func_t) PHP_SHA512_256InitArgs, |
812 | | (php_hash_update_func_t) PHP_SHA512_256Update, |
813 | | (php_hash_final_func_t) PHP_SHA512_256Final, |
814 | | php_hash_copy, |
815 | | php_hash_serialize, |
816 | | php_hash_unserialize, |
817 | | PHP_SHA512_SPEC, |
818 | | 32, |
819 | | 128, |
820 | | sizeof(PHP_SHA512_CTX), |
821 | | 1 |
822 | | }; |
823 | | |
824 | | const php_hash_ops php_hash_sha512_224_ops = { |
825 | | "sha512/224", |
826 | | (php_hash_init_func_t) PHP_SHA512_224InitArgs, |
827 | | (php_hash_update_func_t) PHP_SHA512_224Update, |
828 | | (php_hash_final_func_t) PHP_SHA512_224Final, |
829 | | php_hash_copy, |
830 | | php_hash_serialize, |
831 | | php_hash_unserialize, |
832 | | PHP_SHA512_SPEC, |
833 | | 28, |
834 | | 128, |
835 | | sizeof(PHP_SHA512_CTX), |
836 | | 1 |
837 | | }; |