aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorLeo Liu2011-06-21 16:45:39 +0800
committerLeo Liu2011-06-21 16:45:39 +0800
commit3ce9d0d41be2eb2050c73727dac0154109333755 (patch)
tree2c951b040775dfa8826956dc3ebc32eff13f930c /lib
parent327c8fb10ae31b2733e94333e04d1a30fcc2c0f2 (diff)
downloademacs-3ce9d0d41be2eb2050c73727dac0154109333755.tar.gz
emacs-3ce9d0d41be2eb2050c73727dac0154109333755.zip
Add crypto/sha256 and crypto/sha512 modules from gnulib
Diffstat (limited to 'lib')
-rw-r--r--lib/gnulib.mk25
-rw-r--r--lib/makefile.w32-in20
-rw-r--r--lib/sha256.c569
-rw-r--r--lib/sha256.h91
-rw-r--r--lib/sha512.c619
-rw-r--r--lib/sha512.h95
-rw-r--r--lib/u64.h158
7 files changed, 1576 insertions, 1 deletions
diff --git a/lib/gnulib.mk b/lib/gnulib.mk
index 284d273b266..5987138fafb 100644
--- a/lib/gnulib.mk
+++ b/lib/gnulib.mk
@@ -9,7 +9,7 @@
9# the same distribution terms as the rest of that program. 9# the same distribution terms as the rest of that program.
10# 10#
11# Generated by gnulib-tool. 11# Generated by gnulib-tool.
12# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=lib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=. --makefile-name=gnulib.mk --conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files careadlinkat crypto/md5 crypto/sha1 dtoastr filemode getloadavg getopt-gnu ignore-value intprops lstat mktime readlink socklen stdarg stdio strftime strtoumax symlink sys_stat 12# Reproduce by: gnulib-tool --import --dir=. --lib=libgnu --source-base=lib --m4-base=m4 --doc-base=doc --tests-base=tests --aux-dir=. --makefile-name=gnulib.mk --conditional-dependencies --no-libtool --macro-prefix=gl --no-vc-files careadlinkat crypto/md5 crypto/sha1 crypto/sha256 crypto/sha512 dtoastr filemode getloadavg getopt-gnu ignore-value intprops lstat mktime readlink socklen stdarg stdio strftime strtoumax symlink sys_stat
13 13
14 14
15MOSTLYCLEANFILES += core *.stackdump 15MOSTLYCLEANFILES += core *.stackdump
@@ -101,6 +101,22 @@ EXTRA_DIST += sha1.h
101 101
102## end gnulib module crypto/sha1 102## end gnulib module crypto/sha1
103 103
104## begin gnulib module crypto/sha256
105
106libgnu_a_SOURCES += sha256.c
107
108EXTRA_DIST += sha256.h
109
110## end gnulib module crypto/sha256
111
112## begin gnulib module crypto/sha512
113
114libgnu_a_SOURCES += sha512.c
115
116EXTRA_DIST += sha512.h
117
118## end gnulib module crypto/sha512
119
104## begin gnulib module dosname 120## begin gnulib module dosname
105 121
106if gl_GNULIB_ENABLED_dosname 122if gl_GNULIB_ENABLED_dosname
@@ -759,6 +775,13 @@ EXTRA_libgnu_a_SOURCES += time_r.c
759 775
760## end gnulib module time_r 776## end gnulib module time_r
761 777
778## begin gnulib module u64
779
780
781EXTRA_DIST += u64.h
782
783## end gnulib module u64
784
762## begin gnulib module unistd 785## begin gnulib module unistd
763 786
764BUILT_SOURCES += unistd.h 787BUILT_SOURCES += unistd.h
diff --git a/lib/makefile.w32-in b/lib/makefile.w32-in
index 1f543f1bc21..df7f8e274f0 100644
--- a/lib/makefile.w32-in
+++ b/lib/makefile.w32-in
@@ -30,6 +30,8 @@ GNULIBOBJS = $(BLD)/dtoastr.$(O) \
30 $(BLD)/time_r.$(O) \ 30 $(BLD)/time_r.$(O) \
31 $(BLD)/md5.$(O) \ 31 $(BLD)/md5.$(O) \
32 $(BLD)/sha1.$(O) \ 32 $(BLD)/sha1.$(O) \
33 $(BLD)/sha256.$(O) \
34 $(BLD)/sha512.$(O) \
33 $(BLD)/filemode.$(O) 35 $(BLD)/filemode.$(O)
34 36
35# 37#
@@ -120,6 +122,24 @@ $(BLD)/sha1.$(O) : \
120 $(EMACS_ROOT)/src/m/intel386.h \ 122 $(EMACS_ROOT)/src/m/intel386.h \
121 $(EMACS_ROOT)/src/config.h 123 $(EMACS_ROOT)/src/config.h
122 124
125$(BLD)/sha256.$(O) : \
126 $(SRC)/sha256.c \
127 $(SRC)/sha256.h \
128 $(EMACS_ROOT)/nt/inc/stdint.h \
129 $(EMACS_ROOT)/nt/inc/sys/stat.h \
130 $(EMACS_ROOT)/src/s/ms-w32.h \
131 $(EMACS_ROOT)/src/m/intel386.h \
132 $(EMACS_ROOT)/src/config.h
133
134$(BLD)/sha512.$(O) : \
135 $(SRC)/sha512.c \
136 $(SRC)/sha512.h \
137 $(EMACS_ROOT)/nt/inc/stdint.h \
138 $(EMACS_ROOT)/nt/inc/sys/stat.h \
139 $(EMACS_ROOT)/src/s/ms-w32.h \
140 $(EMACS_ROOT)/src/m/intel386.h \
141 $(EMACS_ROOT)/src/config.h
142
123$(BLD)/filemode.$(O) : \ 143$(BLD)/filemode.$(O) : \
124 $(SRC)/filemode.c \ 144 $(SRC)/filemode.c \
125 $(SRC)/filemode.h \ 145 $(SRC)/filemode.h \
diff --git a/lib/sha256.c b/lib/sha256.c
new file mode 100644
index 00000000000..c125542248b
--- /dev/null
+++ b/lib/sha256.c
@@ -0,0 +1,569 @@
1/* sha256.c - Functions to compute SHA256 and SHA224 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-2.
3
4 Copyright (C) 2005-2006, 2008-2011 Free Software Foundation, Inc.
5
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19/* Written by David Madore, considerably copypasting from
20 Scott G. Miller's sha1.c
21*/
22
23#include <config.h>
24
25#include "sha256.h"
26
27#include <stddef.h>
28#include <stdlib.h>
29#include <string.h>
30
31#if USE_UNLOCKED_IO
32# include "unlocked-io.h"
33#endif
34
35#ifdef WORDS_BIGENDIAN
36# define SWAP(n) (n)
37#else
38# define SWAP(n) \
39 (((n) << 24) | (((n) & 0xff00) << 8) | (((n) >> 8) & 0xff00) | ((n) >> 24))
40#endif
41
42#define BLOCKSIZE 32768
43#if BLOCKSIZE % 64 != 0
44# error "invalid BLOCKSIZE"
45#endif
46
47/* This array contains the bytes used to pad the buffer to the next
48 64-byte boundary. */
49static const unsigned char fillbuf[64] = { 0x80, 0 /* , 0, 0, ... */ };
50
51
52/*
53 Takes a pointer to a 256 bit block of data (eight 32 bit ints) and
54 intializes it to the start constants of the SHA256 algorithm. This
55 must be called before using hash in the call to sha256_hash
56*/
57void
58sha256_init_ctx (struct sha256_ctx *ctx)
59{
60 ctx->state[0] = 0x6a09e667UL;
61 ctx->state[1] = 0xbb67ae85UL;
62 ctx->state[2] = 0x3c6ef372UL;
63 ctx->state[3] = 0xa54ff53aUL;
64 ctx->state[4] = 0x510e527fUL;
65 ctx->state[5] = 0x9b05688cUL;
66 ctx->state[6] = 0x1f83d9abUL;
67 ctx->state[7] = 0x5be0cd19UL;
68
69 ctx->total[0] = ctx->total[1] = 0;
70 ctx->buflen = 0;
71}
72
73void
74sha224_init_ctx (struct sha256_ctx *ctx)
75{
76 ctx->state[0] = 0xc1059ed8UL;
77 ctx->state[1] = 0x367cd507UL;
78 ctx->state[2] = 0x3070dd17UL;
79 ctx->state[3] = 0xf70e5939UL;
80 ctx->state[4] = 0xffc00b31UL;
81 ctx->state[5] = 0x68581511UL;
82 ctx->state[6] = 0x64f98fa7UL;
83 ctx->state[7] = 0xbefa4fa4UL;
84
85 ctx->total[0] = ctx->total[1] = 0;
86 ctx->buflen = 0;
87}
88
89/* Copy the value from v into the memory location pointed to by *cp,
90 If your architecture allows unaligned access this is equivalent to
91 * (uint32_t *) cp = v */
92static inline void
93set_uint32 (char *cp, uint32_t v)
94{
95 memcpy (cp, &v, sizeof v);
96}
97
98/* Put result from CTX in first 32 bytes following RESBUF. The result
99 must be in little endian byte order. */
100void *
101sha256_read_ctx (const struct sha256_ctx *ctx, void *resbuf)
102{
103 int i;
104 char *r = resbuf;
105
106 for (i = 0; i < 8; i++)
107 set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
108
109 return resbuf;
110}
111
112void *
113sha224_read_ctx (const struct sha256_ctx *ctx, void *resbuf)
114{
115 int i;
116 char *r = resbuf;
117
118 for (i = 0; i < 7; i++)
119 set_uint32 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
120
121 return resbuf;
122}
123
124/* Process the remaining bytes in the internal buffer and the usual
125 prolog according to the standard and write the result to RESBUF. */
126static void
127sha256_conclude_ctx (struct sha256_ctx *ctx)
128{
129 /* Take yet unprocessed bytes into account. */
130 size_t bytes = ctx->buflen;
131 size_t size = (bytes < 56) ? 64 / 4 : 64 * 2 / 4;
132
133 /* Now count remaining bytes. */
134 ctx->total[0] += bytes;
135 if (ctx->total[0] < bytes)
136 ++ctx->total[1];
137
138 /* Put the 64-bit file length in *bits* at the end of the buffer.
139 Use set_uint32 rather than a simple assignment, to avoid risk of
140 unaligned access. */
141 set_uint32 ((char *) &ctx->buffer[size - 2],
142 SWAP ((ctx->total[1] << 3) | (ctx->total[0] >> 29)));
143 set_uint32 ((char *) &ctx->buffer[size - 1],
144 SWAP (ctx->total[0] << 3));
145
146 memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 4 - bytes);
147
148 /* Process last bytes. */
149 sha256_process_block (ctx->buffer, size * 4, ctx);
150}
151
152void *
153sha256_finish_ctx (struct sha256_ctx *ctx, void *resbuf)
154{
155 sha256_conclude_ctx (ctx);
156 return sha256_read_ctx (ctx, resbuf);
157}
158
159void *
160sha224_finish_ctx (struct sha256_ctx *ctx, void *resbuf)
161{
162 sha256_conclude_ctx (ctx);
163 return sha224_read_ctx (ctx, resbuf);
164}
165
166/* Compute SHA256 message digest for bytes read from STREAM. The
167 resulting message digest number will be written into the 32 bytes
168 beginning at RESBLOCK. */
169int
170sha256_stream (FILE *stream, void *resblock)
171{
172 struct sha256_ctx ctx;
173 size_t sum;
174
175 char *buffer = malloc (BLOCKSIZE + 72);
176 if (!buffer)
177 return 1;
178
179 /* Initialize the computation context. */
180 sha256_init_ctx (&ctx);
181
182 /* Iterate over full file contents. */
183 while (1)
184 {
185 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
186 computation function processes the whole buffer so that with the
187 next round of the loop another block can be read. */
188 size_t n;
189 sum = 0;
190
191 /* Read block. Take care for partial reads. */
192 while (1)
193 {
194 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
195
196 sum += n;
197
198 if (sum == BLOCKSIZE)
199 break;
200
201 if (n == 0)
202 {
203 /* Check for the error flag IFF N == 0, so that we don't
204 exit the loop after a partial read due to e.g., EAGAIN
205 or EWOULDBLOCK. */
206 if (ferror (stream))
207 {
208 free (buffer);
209 return 1;
210 }
211 goto process_partial_block;
212 }
213
214 /* We've read at least one byte, so ignore errors. But always
215 check for EOF, since feof may be true even though N > 0.
216 Otherwise, we could end up calling fread after EOF. */
217 if (feof (stream))
218 goto process_partial_block;
219 }
220
221 /* Process buffer with BLOCKSIZE bytes. Note that
222 BLOCKSIZE % 64 == 0
223 */
224 sha256_process_block (buffer, BLOCKSIZE, &ctx);
225 }
226
227 process_partial_block:;
228
229 /* Process any remaining bytes. */
230 if (sum > 0)
231 sha256_process_bytes (buffer, sum, &ctx);
232
233 /* Construct result in desired memory. */
234 sha256_finish_ctx (&ctx, resblock);
235 free (buffer);
236 return 0;
237}
238
239/* FIXME: Avoid code duplication */
240int
241sha224_stream (FILE *stream, void *resblock)
242{
243 struct sha256_ctx ctx;
244 size_t sum;
245
246 char *buffer = malloc (BLOCKSIZE + 72);
247 if (!buffer)
248 return 1;
249
250 /* Initialize the computation context. */
251 sha224_init_ctx (&ctx);
252
253 /* Iterate over full file contents. */
254 while (1)
255 {
256 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
257 computation function processes the whole buffer so that with the
258 next round of the loop another block can be read. */
259 size_t n;
260 sum = 0;
261
262 /* Read block. Take care for partial reads. */
263 while (1)
264 {
265 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
266
267 sum += n;
268
269 if (sum == BLOCKSIZE)
270 break;
271
272 if (n == 0)
273 {
274 /* Check for the error flag IFF N == 0, so that we don't
275 exit the loop after a partial read due to e.g., EAGAIN
276 or EWOULDBLOCK. */
277 if (ferror (stream))
278 {
279 free (buffer);
280 return 1;
281 }
282 goto process_partial_block;
283 }
284
285 /* We've read at least one byte, so ignore errors. But always
286 check for EOF, since feof may be true even though N > 0.
287 Otherwise, we could end up calling fread after EOF. */
288 if (feof (stream))
289 goto process_partial_block;
290 }
291
292 /* Process buffer with BLOCKSIZE bytes. Note that
293 BLOCKSIZE % 64 == 0
294 */
295 sha256_process_block (buffer, BLOCKSIZE, &ctx);
296 }
297
298 process_partial_block:;
299
300 /* Process any remaining bytes. */
301 if (sum > 0)
302 sha256_process_bytes (buffer, sum, &ctx);
303
304 /* Construct result in desired memory. */
305 sha224_finish_ctx (&ctx, resblock);
306 free (buffer);
307 return 0;
308}
309
310/* Compute SHA512 message digest for LEN bytes beginning at BUFFER. The
311 result is always in little endian byte order, so that a byte-wise
312 output yields to the wanted ASCII representation of the message
313 digest. */
314void *
315sha256_buffer (const char *buffer, size_t len, void *resblock)
316{
317 struct sha256_ctx ctx;
318
319 /* Initialize the computation context. */
320 sha256_init_ctx (&ctx);
321
322 /* Process whole buffer but last len % 64 bytes. */
323 sha256_process_bytes (buffer, len, &ctx);
324
325 /* Put result in desired memory area. */
326 return sha256_finish_ctx (&ctx, resblock);
327}
328
329void *
330sha224_buffer (const char *buffer, size_t len, void *resblock)
331{
332 struct sha256_ctx ctx;
333
334 /* Initialize the computation context. */
335 sha224_init_ctx (&ctx);
336
337 /* Process whole buffer but last len % 64 bytes. */
338 sha256_process_bytes (buffer, len, &ctx);
339
340 /* Put result in desired memory area. */
341 return sha224_finish_ctx (&ctx, resblock);
342}
343
344void
345sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx)
346{
347 /* When we already have some bits in our internal buffer concatenate
348 both inputs first. */
349 if (ctx->buflen != 0)
350 {
351 size_t left_over = ctx->buflen;
352 size_t add = 128 - left_over > len ? len : 128 - left_over;
353
354 memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
355 ctx->buflen += add;
356
357 if (ctx->buflen > 64)
358 {
359 sha256_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
360
361 ctx->buflen &= 63;
362 /* The regions in the following copy operation cannot overlap. */
363 memcpy (ctx->buffer,
364 &((char *) ctx->buffer)[(left_over + add) & ~63],
365 ctx->buflen);
366 }
367
368 buffer = (const char *) buffer + add;
369 len -= add;
370 }
371
372 /* Process available complete blocks. */
373 if (len >= 64)
374 {
375#if !_STRING_ARCH_unaligned
376# define alignof(type) offsetof (struct { char c; type x; }, x)
377# define UNALIGNED_P(p) (((size_t) p) % alignof (uint32_t) != 0)
378 if (UNALIGNED_P (buffer))
379 while (len > 64)
380 {
381 sha256_process_block (memcpy (ctx->buffer, buffer, 64), 64, ctx);
382 buffer = (const char *) buffer + 64;
383 len -= 64;
384 }
385 else
386#endif
387 {
388 sha256_process_block (buffer, len & ~63, ctx);
389 buffer = (const char *) buffer + (len & ~63);
390 len &= 63;
391 }
392 }
393
394 /* Move remaining bytes in internal buffer. */
395 if (len > 0)
396 {
397 size_t left_over = ctx->buflen;
398
399 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
400 left_over += len;
401 if (left_over >= 64)
402 {
403 sha256_process_block (ctx->buffer, 64, ctx);
404 left_over -= 64;
405 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
406 }
407 ctx->buflen = left_over;
408 }
409}
410
411/* --- Code below is the primary difference between sha1.c and sha256.c --- */
412
413/* SHA256 round constants */
414#define K(I) sha256_round_constants[I]
415static const uint32_t sha256_round_constants[64] = {
416 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
417 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
418 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
419 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
420 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
421 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
422 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
423 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
424 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
425 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
426 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
427 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
428 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
429 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
430 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
431 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL,
432};
433
434/* Round functions. */
435#define F2(A,B,C) ( ( A & B ) | ( C & ( A | B ) ) )
436#define F1(E,F,G) ( G ^ ( E & ( F ^ G ) ) )
437
438/* Process LEN bytes of BUFFER, accumulating context into CTX.
439 It is assumed that LEN % 64 == 0.
440 Most of this code comes from GnuPG's cipher/sha1.c. */
441
442void
443sha256_process_block (const void *buffer, size_t len, struct sha256_ctx *ctx)
444{
445 const uint32_t *words = buffer;
446 size_t nwords = len / sizeof (uint32_t);
447 const uint32_t *endp = words + nwords;
448 uint32_t x[16];
449 uint32_t a = ctx->state[0];
450 uint32_t b = ctx->state[1];
451 uint32_t c = ctx->state[2];
452 uint32_t d = ctx->state[3];
453 uint32_t e = ctx->state[4];
454 uint32_t f = ctx->state[5];
455 uint32_t g = ctx->state[6];
456 uint32_t h = ctx->state[7];
457
458 /* First increment the byte count. FIPS PUB 180-2 specifies the possible
459 length of the file up to 2^64 bits. Here we only compute the
460 number of bytes. Do a double word increment. */
461 ctx->total[0] += len;
462 if (ctx->total[0] < len)
463 ++ctx->total[1];
464
465#define rol(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
466#define S0(x) (rol(x,25)^rol(x,14)^(x>>3))
467#define S1(x) (rol(x,15)^rol(x,13)^(x>>10))
468#define SS0(x) (rol(x,30)^rol(x,19)^rol(x,10))
469#define SS1(x) (rol(x,26)^rol(x,21)^rol(x,7))
470
471#define M(I) ( tm = S1(x[(I-2)&0x0f]) + x[(I-7)&0x0f] \
472 + S0(x[(I-15)&0x0f]) + x[I&0x0f] \
473 , x[I&0x0f] = tm )
474
475#define R(A,B,C,D,E,F,G,H,K,M) do { t0 = SS0(A) + F2(A,B,C); \
476 t1 = H + SS1(E) \
477 + F1(E,F,G) \
478 + K \
479 + M; \
480 D += t1; H = t0 + t1; \
481 } while(0)
482
483 while (words < endp)
484 {
485 uint32_t tm;
486 uint32_t t0, t1;
487 int t;
488 /* FIXME: see sha1.c for a better implementation. */
489 for (t = 0; t < 16; t++)
490 {
491 x[t] = SWAP (*words);
492 words++;
493 }
494
495 R( a, b, c, d, e, f, g, h, K( 0), x[ 0] );
496 R( h, a, b, c, d, e, f, g, K( 1), x[ 1] );
497 R( g, h, a, b, c, d, e, f, K( 2), x[ 2] );
498 R( f, g, h, a, b, c, d, e, K( 3), x[ 3] );
499 R( e, f, g, h, a, b, c, d, K( 4), x[ 4] );
500 R( d, e, f, g, h, a, b, c, K( 5), x[ 5] );
501 R( c, d, e, f, g, h, a, b, K( 6), x[ 6] );
502 R( b, c, d, e, f, g, h, a, K( 7), x[ 7] );
503 R( a, b, c, d, e, f, g, h, K( 8), x[ 8] );
504 R( h, a, b, c, d, e, f, g, K( 9), x[ 9] );
505 R( g, h, a, b, c, d, e, f, K(10), x[10] );
506 R( f, g, h, a, b, c, d, e, K(11), x[11] );
507 R( e, f, g, h, a, b, c, d, K(12), x[12] );
508 R( d, e, f, g, h, a, b, c, K(13), x[13] );
509 R( c, d, e, f, g, h, a, b, K(14), x[14] );
510 R( b, c, d, e, f, g, h, a, K(15), x[15] );
511 R( a, b, c, d, e, f, g, h, K(16), M(16) );
512 R( h, a, b, c, d, e, f, g, K(17), M(17) );
513 R( g, h, a, b, c, d, e, f, K(18), M(18) );
514 R( f, g, h, a, b, c, d, e, K(19), M(19) );
515 R( e, f, g, h, a, b, c, d, K(20), M(20) );
516 R( d, e, f, g, h, a, b, c, K(21), M(21) );
517 R( c, d, e, f, g, h, a, b, K(22), M(22) );
518 R( b, c, d, e, f, g, h, a, K(23), M(23) );
519 R( a, b, c, d, e, f, g, h, K(24), M(24) );
520 R( h, a, b, c, d, e, f, g, K(25), M(25) );
521 R( g, h, a, b, c, d, e, f, K(26), M(26) );
522 R( f, g, h, a, b, c, d, e, K(27), M(27) );
523 R( e, f, g, h, a, b, c, d, K(28), M(28) );
524 R( d, e, f, g, h, a, b, c, K(29), M(29) );
525 R( c, d, e, f, g, h, a, b, K(30), M(30) );
526 R( b, c, d, e, f, g, h, a, K(31), M(31) );
527 R( a, b, c, d, e, f, g, h, K(32), M(32) );
528 R( h, a, b, c, d, e, f, g, K(33), M(33) );
529 R( g, h, a, b, c, d, e, f, K(34), M(34) );
530 R( f, g, h, a, b, c, d, e, K(35), M(35) );
531 R( e, f, g, h, a, b, c, d, K(36), M(36) );
532 R( d, e, f, g, h, a, b, c, K(37), M(37) );
533 R( c, d, e, f, g, h, a, b, K(38), M(38) );
534 R( b, c, d, e, f, g, h, a, K(39), M(39) );
535 R( a, b, c, d, e, f, g, h, K(40), M(40) );
536 R( h, a, b, c, d, e, f, g, K(41), M(41) );
537 R( g, h, a, b, c, d, e, f, K(42), M(42) );
538 R( f, g, h, a, b, c, d, e, K(43), M(43) );
539 R( e, f, g, h, a, b, c, d, K(44), M(44) );
540 R( d, e, f, g, h, a, b, c, K(45), M(45) );
541 R( c, d, e, f, g, h, a, b, K(46), M(46) );
542 R( b, c, d, e, f, g, h, a, K(47), M(47) );
543 R( a, b, c, d, e, f, g, h, K(48), M(48) );
544 R( h, a, b, c, d, e, f, g, K(49), M(49) );
545 R( g, h, a, b, c, d, e, f, K(50), M(50) );
546 R( f, g, h, a, b, c, d, e, K(51), M(51) );
547 R( e, f, g, h, a, b, c, d, K(52), M(52) );
548 R( d, e, f, g, h, a, b, c, K(53), M(53) );
549 R( c, d, e, f, g, h, a, b, K(54), M(54) );
550 R( b, c, d, e, f, g, h, a, K(55), M(55) );
551 R( a, b, c, d, e, f, g, h, K(56), M(56) );
552 R( h, a, b, c, d, e, f, g, K(57), M(57) );
553 R( g, h, a, b, c, d, e, f, K(58), M(58) );
554 R( f, g, h, a, b, c, d, e, K(59), M(59) );
555 R( e, f, g, h, a, b, c, d, K(60), M(60) );
556 R( d, e, f, g, h, a, b, c, K(61), M(61) );
557 R( c, d, e, f, g, h, a, b, K(62), M(62) );
558 R( b, c, d, e, f, g, h, a, K(63), M(63) );
559
560 a = ctx->state[0] += a;
561 b = ctx->state[1] += b;
562 c = ctx->state[2] += c;
563 d = ctx->state[3] += d;
564 e = ctx->state[4] += e;
565 f = ctx->state[5] += f;
566 g = ctx->state[6] += g;
567 h = ctx->state[7] += h;
568 }
569}
diff --git a/lib/sha256.h b/lib/sha256.h
new file mode 100644
index 00000000000..9f6bf14bf0c
--- /dev/null
+++ b/lib/sha256.h
@@ -0,0 +1,91 @@
1/* Declarations of functions and data types used for SHA256 and SHA224 sum
2 library functions.
3 Copyright (C) 2005-2006, 2008-2011 Free Software Foundation, Inc.
4
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. */
17
18#ifndef SHA256_H
19# define SHA256_H 1
20
21# include <stdio.h>
22# include <stdint.h>
23
24# ifdef __cplusplus
25extern "C" {
26# endif
27
28/* Structure to save state of computation between the single steps. */
29struct sha256_ctx
30{
31 uint32_t state[8];
32
33 uint32_t total[2];
34 size_t buflen;
35 uint32_t buffer[32];
36};
37
38enum { SHA224_DIGEST_SIZE = 224 / 8 };
39enum { SHA256_DIGEST_SIZE = 256 / 8 };
40
41/* Initialize structure containing state of computation. */
42extern void sha256_init_ctx (struct sha256_ctx *ctx);
43extern void sha224_init_ctx (struct sha256_ctx *ctx);
44
45/* Starting with the result of former calls of this function (or the
46 initialization function update the context for the next LEN bytes
47 starting at BUFFER.
48 It is necessary that LEN is a multiple of 64!!! */
49extern void sha256_process_block (const void *buffer, size_t len,
50 struct sha256_ctx *ctx);
51
52/* Starting with the result of former calls of this function (or the
53 initialization function update the context for the next LEN bytes
54 starting at BUFFER.
55 It is NOT required that LEN is a multiple of 64. */
56extern void sha256_process_bytes (const void *buffer, size_t len,
57 struct sha256_ctx *ctx);
58
59/* Process the remaining bytes in the buffer and put result from CTX
60 in first 32 (28) bytes following RESBUF. The result is always in little
61 endian byte order, so that a byte-wise output yields to the wanted
62 ASCII representation of the message digest. */
63extern void *sha256_finish_ctx (struct sha256_ctx *ctx, void *resbuf);
64extern void *sha224_finish_ctx (struct sha256_ctx *ctx, void *resbuf);
65
66
67/* Put result from CTX in first 32 (28) bytes following RESBUF. The result is
68 always in little endian byte order, so that a byte-wise output yields
69 to the wanted ASCII representation of the message digest. */
70extern void *sha256_read_ctx (const struct sha256_ctx *ctx, void *resbuf);
71extern void *sha224_read_ctx (const struct sha256_ctx *ctx, void *resbuf);
72
73
74/* Compute SHA256 (SHA224) message digest for bytes read from STREAM. The
75 resulting message digest number will be written into the 32 (28) bytes
76 beginning at RESBLOCK. */
77extern int sha256_stream (FILE *stream, void *resblock);
78extern int sha224_stream (FILE *stream, void *resblock);
79
80/* Compute SHA256 (SHA224) message digest for LEN bytes beginning at BUFFER. The
81 result is always in little endian byte order, so that a byte-wise
82 output yields to the wanted ASCII representation of the message
83 digest. */
84extern void *sha256_buffer (const char *buffer, size_t len, void *resblock);
85extern void *sha224_buffer (const char *buffer, size_t len, void *resblock);
86
87# ifdef __cplusplus
88}
89# endif
90
91#endif
diff --git a/lib/sha512.c b/lib/sha512.c
new file mode 100644
index 00000000000..c0bed95758f
--- /dev/null
+++ b/lib/sha512.c
@@ -0,0 +1,619 @@
1/* sha512.c - Functions to compute SHA512 and SHA384 message digest of files or
2 memory blocks according to the NIST specification FIPS-180-2.
3
4 Copyright (C) 2005-2006, 2008-2011 Free Software Foundation, Inc.
5
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
18
19/* Written by David Madore, considerably copypasting from
20 Scott G. Miller's sha1.c
21*/
22
23#include <config.h>
24
25#include "sha512.h"
26
27#include <stddef.h>
28#include <stdlib.h>
29#include <string.h>
30
31#if USE_UNLOCKED_IO
32# include "unlocked-io.h"
33#endif
34
35#ifdef WORDS_BIGENDIAN
36# define SWAP(n) (n)
37#else
38# define SWAP(n) \
39 u64or (u64or (u64or (u64shl (n, 56), \
40 u64shl (u64and (n, u64lo (0x0000ff00)), 40)), \
41 u64or (u64shl (u64and (n, u64lo (0x00ff0000)), 24), \
42 u64shl (u64and (n, u64lo (0xff000000)), 8))), \
43 u64or (u64or (u64and (u64shr (n, 8), u64lo (0xff000000)), \
44 u64and (u64shr (n, 24), u64lo (0x00ff0000))), \
45 u64or (u64and (u64shr (n, 40), u64lo (0x0000ff00)), \
46 u64shr (n, 56))))
47#endif
48
49#define BLOCKSIZE 32768
50#if BLOCKSIZE % 128 != 0
51# error "invalid BLOCKSIZE"
52#endif
53
54/* This array contains the bytes used to pad the buffer to the next
55 128-byte boundary. */
56static const unsigned char fillbuf[128] = { 0x80, 0 /* , 0, 0, ... */ };
57
58
59/*
60 Takes a pointer to a 512 bit block of data (eight 64 bit ints) and
61 intializes it to the start constants of the SHA512 algorithm. This
62 must be called before using hash in the call to sha512_hash
63*/
64void
65sha512_init_ctx (struct sha512_ctx *ctx)
66{
67 ctx->state[0] = u64hilo (0x6a09e667, 0xf3bcc908);
68 ctx->state[1] = u64hilo (0xbb67ae85, 0x84caa73b);
69 ctx->state[2] = u64hilo (0x3c6ef372, 0xfe94f82b);
70 ctx->state[3] = u64hilo (0xa54ff53a, 0x5f1d36f1);
71 ctx->state[4] = u64hilo (0x510e527f, 0xade682d1);
72 ctx->state[5] = u64hilo (0x9b05688c, 0x2b3e6c1f);
73 ctx->state[6] = u64hilo (0x1f83d9ab, 0xfb41bd6b);
74 ctx->state[7] = u64hilo (0x5be0cd19, 0x137e2179);
75
76 ctx->total[0] = ctx->total[1] = u64lo (0);
77 ctx->buflen = 0;
78}
79
80void
81sha384_init_ctx (struct sha512_ctx *ctx)
82{
83 ctx->state[0] = u64hilo (0xcbbb9d5d, 0xc1059ed8);
84 ctx->state[1] = u64hilo (0x629a292a, 0x367cd507);
85 ctx->state[2] = u64hilo (0x9159015a, 0x3070dd17);
86 ctx->state[3] = u64hilo (0x152fecd8, 0xf70e5939);
87 ctx->state[4] = u64hilo (0x67332667, 0xffc00b31);
88 ctx->state[5] = u64hilo (0x8eb44a87, 0x68581511);
89 ctx->state[6] = u64hilo (0xdb0c2e0d, 0x64f98fa7);
90 ctx->state[7] = u64hilo (0x47b5481d, 0xbefa4fa4);
91
92 ctx->total[0] = ctx->total[1] = u64lo (0);
93 ctx->buflen = 0;
94}
95
96/* Copy the value from V into the memory location pointed to by *CP,
97 If your architecture allows unaligned access, this is equivalent to
98 * (__typeof__ (v) *) cp = v */
99static inline void
100set_uint64 (char *cp, u64 v)
101{
102 memcpy (cp, &v, sizeof v);
103}
104
105/* Put result from CTX in first 64 bytes following RESBUF.
106 The result must be in little endian byte order. */
107void *
108sha512_read_ctx (const struct sha512_ctx *ctx, void *resbuf)
109{
110 int i;
111 char *r = resbuf;
112
113 for (i = 0; i < 8; i++)
114 set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
115
116 return resbuf;
117}
118
119void *
120sha384_read_ctx (const struct sha512_ctx *ctx, void *resbuf)
121{
122 int i;
123 char *r = resbuf;
124
125 for (i = 0; i < 6; i++)
126 set_uint64 (r + i * sizeof ctx->state[0], SWAP (ctx->state[i]));
127
128 return resbuf;
129}
130
131/* Process the remaining bytes in the internal buffer and the usual
132 prolog according to the standard and write the result to RESBUF. */
133static void
134sha512_conclude_ctx (struct sha512_ctx *ctx)
135{
136 /* Take yet unprocessed bytes into account. */
137 size_t bytes = ctx->buflen;
138 size_t size = (bytes < 112) ? 128 / 8 : 128 * 2 / 8;
139
140 /* Now count remaining bytes. */
141 ctx->total[0] = u64plus (ctx->total[0], u64lo (bytes));
142 if (u64lt (ctx->total[0], u64lo (bytes)))
143 ctx->total[1] = u64plus (ctx->total[1], u64lo (1));
144
145 /* Put the 128-bit file length in *bits* at the end of the buffer.
146 Use set_uint64 rather than a simple assignment, to avoid risk of
147 unaligned access. */
148 set_uint64 ((char *) &ctx->buffer[size - 2],
149 SWAP (u64or (u64shl (ctx->total[1], 3),
150 u64shr (ctx->total[0], 61))));
151 set_uint64 ((char *) &ctx->buffer[size - 1],
152 SWAP (u64shl (ctx->total[0], 3)));
153
154 memcpy (&((char *) ctx->buffer)[bytes], fillbuf, (size - 2) * 8 - bytes);
155
156 /* Process last bytes. */
157 sha512_process_block (ctx->buffer, size * 8, ctx);
158}
159
160void *
161sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf)
162{
163 sha512_conclude_ctx (ctx);
164 return sha512_read_ctx (ctx, resbuf);
165}
166
167void *
168sha384_finish_ctx (struct sha512_ctx *ctx, void *resbuf)
169{
170 sha512_conclude_ctx (ctx);
171 return sha384_read_ctx (ctx, resbuf);
172}
173
174/* Compute SHA512 message digest for bytes read from STREAM. The
175 resulting message digest number will be written into the 64 bytes
176 beginning at RESBLOCK. */
177int
178sha512_stream (FILE *stream, void *resblock)
179{
180 struct sha512_ctx ctx;
181 size_t sum;
182
183 char *buffer = malloc (BLOCKSIZE + 72);
184 if (!buffer)
185 return 1;
186
187 /* Initialize the computation context. */
188 sha512_init_ctx (&ctx);
189
190 /* Iterate over full file contents. */
191 while (1)
192 {
193 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
194 computation function processes the whole buffer so that with the
195 next round of the loop another block can be read. */
196 size_t n;
197 sum = 0;
198
199 /* Read block. Take care for partial reads. */
200 while (1)
201 {
202 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
203
204 sum += n;
205
206 if (sum == BLOCKSIZE)
207 break;
208
209 if (n == 0)
210 {
211 /* Check for the error flag IFF N == 0, so that we don't
212 exit the loop after a partial read due to e.g., EAGAIN
213 or EWOULDBLOCK. */
214 if (ferror (stream))
215 {
216 free (buffer);
217 return 1;
218 }
219 goto process_partial_block;
220 }
221
222 /* We've read at least one byte, so ignore errors. But always
223 check for EOF, since feof may be true even though N > 0.
224 Otherwise, we could end up calling fread after EOF. */
225 if (feof (stream))
226 goto process_partial_block;
227 }
228
229 /* Process buffer with BLOCKSIZE bytes. Note that
230 BLOCKSIZE % 128 == 0
231 */
232 sha512_process_block (buffer, BLOCKSIZE, &ctx);
233 }
234
235 process_partial_block:;
236
237 /* Process any remaining bytes. */
238 if (sum > 0)
239 sha512_process_bytes (buffer, sum, &ctx);
240
241 /* Construct result in desired memory. */
242 sha512_finish_ctx (&ctx, resblock);
243 free (buffer);
244 return 0;
245}
246
247/* FIXME: Avoid code duplication */
248int
249sha384_stream (FILE *stream, void *resblock)
250{
251 struct sha512_ctx ctx;
252 size_t sum;
253
254 char *buffer = malloc (BLOCKSIZE + 72);
255 if (!buffer)
256 return 1;
257
258 /* Initialize the computation context. */
259 sha384_init_ctx (&ctx);
260
261 /* Iterate over full file contents. */
262 while (1)
263 {
264 /* We read the file in blocks of BLOCKSIZE bytes. One call of the
265 computation function processes the whole buffer so that with the
266 next round of the loop another block can be read. */
267 size_t n;
268 sum = 0;
269
270 /* Read block. Take care for partial reads. */
271 while (1)
272 {
273 n = fread (buffer + sum, 1, BLOCKSIZE - sum, stream);
274
275 sum += n;
276
277 if (sum == BLOCKSIZE)
278 break;
279
280 if (n == 0)
281 {
282 /* Check for the error flag IFF N == 0, so that we don't
283 exit the loop after a partial read due to e.g., EAGAIN
284 or EWOULDBLOCK. */
285 if (ferror (stream))
286 {
287 free (buffer);
288 return 1;
289 }
290 goto process_partial_block;
291 }
292
293 /* We've read at least one byte, so ignore errors. But always
294 check for EOF, since feof may be true even though N > 0.
295 Otherwise, we could end up calling fread after EOF. */
296 if (feof (stream))
297 goto process_partial_block;
298 }
299
300 /* Process buffer with BLOCKSIZE bytes. Note that
301 BLOCKSIZE % 128 == 0
302 */
303 sha512_process_block (buffer, BLOCKSIZE, &ctx);
304 }
305
306 process_partial_block:;
307
308 /* Process any remaining bytes. */
309 if (sum > 0)
310 sha512_process_bytes (buffer, sum, &ctx);
311
312 /* Construct result in desired memory. */
313 sha384_finish_ctx (&ctx, resblock);
314 free (buffer);
315 return 0;
316}
317
318/* Compute SHA512 message digest for LEN bytes beginning at BUFFER. The
319 result is always in little endian byte order, so that a byte-wise
320 output yields to the wanted ASCII representation of the message
321 digest. */
322void *
323sha512_buffer (const char *buffer, size_t len, void *resblock)
324{
325 struct sha512_ctx ctx;
326
327 /* Initialize the computation context. */
328 sha512_init_ctx (&ctx);
329
330 /* Process whole buffer but last len % 128 bytes. */
331 sha512_process_bytes (buffer, len, &ctx);
332
333 /* Put result in desired memory area. */
334 return sha512_finish_ctx (&ctx, resblock);
335}
336
337void *
338sha384_buffer (const char *buffer, size_t len, void *resblock)
339{
340 struct sha512_ctx ctx;
341
342 /* Initialize the computation context. */
343 sha384_init_ctx (&ctx);
344
345 /* Process whole buffer but last len % 128 bytes. */
346 sha512_process_bytes (buffer, len, &ctx);
347
348 /* Put result in desired memory area. */
349 return sha384_finish_ctx (&ctx, resblock);
350}
351
352void
353sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx)
354{
355 /* When we already have some bits in our internal buffer concatenate
356 both inputs first. */
357 if (ctx->buflen != 0)
358 {
359 size_t left_over = ctx->buflen;
360 size_t add = 256 - left_over > len ? len : 256 - left_over;
361
362 memcpy (&((char *) ctx->buffer)[left_over], buffer, add);
363 ctx->buflen += add;
364
365 if (ctx->buflen > 128)
366 {
367 sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx);
368
369 ctx->buflen &= 127;
370 /* The regions in the following copy operation cannot overlap. */
371 memcpy (ctx->buffer,
372 &((char *) ctx->buffer)[(left_over + add) & ~127],
373 ctx->buflen);
374 }
375
376 buffer = (const char *) buffer + add;
377 len -= add;
378 }
379
380 /* Process available complete blocks. */
381 if (len >= 128)
382 {
383#if !_STRING_ARCH_unaligned
384# define alignof(type) offsetof (struct { char c; type x; }, x)
385# define UNALIGNED_P(p) (((size_t) p) % alignof (u64) != 0)
386 if (UNALIGNED_P (buffer))
387 while (len > 128)
388 {
389 sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128, ctx);
390 buffer = (const char *) buffer + 128;
391 len -= 128;
392 }
393 else
394#endif
395 {
396 sha512_process_block (buffer, len & ~127, ctx);
397 buffer = (const char *) buffer + (len & ~127);
398 len &= 127;
399 }
400 }
401
402 /* Move remaining bytes in internal buffer. */
403 if (len > 0)
404 {
405 size_t left_over = ctx->buflen;
406
407 memcpy (&((char *) ctx->buffer)[left_over], buffer, len);
408 left_over += len;
409 if (left_over >= 128)
410 {
411 sha512_process_block (ctx->buffer, 128, ctx);
412 left_over -= 128;
413 memcpy (ctx->buffer, &ctx->buffer[16], left_over);
414 }
415 ctx->buflen = left_over;
416 }
417}
418
419/* --- Code below is the primary difference between sha1.c and sha512.c --- */
420
421/* SHA512 round constants */
422#define K(I) sha512_round_constants[I]
423static u64 const sha512_round_constants[80] = {
424 u64init (0x428a2f98, 0xd728ae22), u64init (0x71374491, 0x23ef65cd),
425 u64init (0xb5c0fbcf, 0xec4d3b2f), u64init (0xe9b5dba5, 0x8189dbbc),
426 u64init (0x3956c25b, 0xf348b538), u64init (0x59f111f1, 0xb605d019),
427 u64init (0x923f82a4, 0xaf194f9b), u64init (0xab1c5ed5, 0xda6d8118),
428 u64init (0xd807aa98, 0xa3030242), u64init (0x12835b01, 0x45706fbe),
429 u64init (0x243185be, 0x4ee4b28c), u64init (0x550c7dc3, 0xd5ffb4e2),
430 u64init (0x72be5d74, 0xf27b896f), u64init (0x80deb1fe, 0x3b1696b1),
431 u64init (0x9bdc06a7, 0x25c71235), u64init (0xc19bf174, 0xcf692694),
432 u64init (0xe49b69c1, 0x9ef14ad2), u64init (0xefbe4786, 0x384f25e3),
433 u64init (0x0fc19dc6, 0x8b8cd5b5), u64init (0x240ca1cc, 0x77ac9c65),
434 u64init (0x2de92c6f, 0x592b0275), u64init (0x4a7484aa, 0x6ea6e483),
435 u64init (0x5cb0a9dc, 0xbd41fbd4), u64init (0x76f988da, 0x831153b5),
436 u64init (0x983e5152, 0xee66dfab), u64init (0xa831c66d, 0x2db43210),
437 u64init (0xb00327c8, 0x98fb213f), u64init (0xbf597fc7, 0xbeef0ee4),
438 u64init (0xc6e00bf3, 0x3da88fc2), u64init (0xd5a79147, 0x930aa725),
439 u64init (0x06ca6351, 0xe003826f), u64init (0x14292967, 0x0a0e6e70),
440 u64init (0x27b70a85, 0x46d22ffc), u64init (0x2e1b2138, 0x5c26c926),
441 u64init (0x4d2c6dfc, 0x5ac42aed), u64init (0x53380d13, 0x9d95b3df),
442 u64init (0x650a7354, 0x8baf63de), u64init (0x766a0abb, 0x3c77b2a8),
443 u64init (0x81c2c92e, 0x47edaee6), u64init (0x92722c85, 0x1482353b),
444 u64init (0xa2bfe8a1, 0x4cf10364), u64init (0xa81a664b, 0xbc423001),
445 u64init (0xc24b8b70, 0xd0f89791), u64init (0xc76c51a3, 0x0654be30),
446 u64init (0xd192e819, 0xd6ef5218), u64init (0xd6990624, 0x5565a910),
447 u64init (0xf40e3585, 0x5771202a), u64init (0x106aa070, 0x32bbd1b8),
448 u64init (0x19a4c116, 0xb8d2d0c8), u64init (0x1e376c08, 0x5141ab53),
449 u64init (0x2748774c, 0xdf8eeb99), u64init (0x34b0bcb5, 0xe19b48a8),
450 u64init (0x391c0cb3, 0xc5c95a63), u64init (0x4ed8aa4a, 0xe3418acb),
451 u64init (0x5b9cca4f, 0x7763e373), u64init (0x682e6ff3, 0xd6b2b8a3),
452 u64init (0x748f82ee, 0x5defb2fc), u64init (0x78a5636f, 0x43172f60),
453 u64init (0x84c87814, 0xa1f0ab72), u64init (0x8cc70208, 0x1a6439ec),
454 u64init (0x90befffa, 0x23631e28), u64init (0xa4506ceb, 0xde82bde9),
455 u64init (0xbef9a3f7, 0xb2c67915), u64init (0xc67178f2, 0xe372532b),
456 u64init (0xca273ece, 0xea26619c), u64init (0xd186b8c7, 0x21c0c207),
457 u64init (0xeada7dd6, 0xcde0eb1e), u64init (0xf57d4f7f, 0xee6ed178),
458 u64init (0x06f067aa, 0x72176fba), u64init (0x0a637dc5, 0xa2c898a6),
459 u64init (0x113f9804, 0xbef90dae), u64init (0x1b710b35, 0x131c471b),
460 u64init (0x28db77f5, 0x23047d84), u64init (0x32caab7b, 0x40c72493),
461 u64init (0x3c9ebe0a, 0x15c9bebc), u64init (0x431d67c4, 0x9c100d4c),
462 u64init (0x4cc5d4be, 0xcb3e42b6), u64init (0x597f299c, 0xfc657e2a),
463 u64init (0x5fcb6fab, 0x3ad6faec), u64init (0x6c44198c, 0x4a475817),
464};
465
466/* Round functions. */
467#define F2(A, B, C) u64or (u64and (A, B), u64and (C, u64or (A, B)))
468#define F1(E, F, G) u64xor (G, u64and (E, u64xor (F, G)))
469
470/* Process LEN bytes of BUFFER, accumulating context into CTX.
471 It is assumed that LEN % 128 == 0.
472 Most of this code comes from GnuPG's cipher/sha1.c. */
473
474void
475sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx)
476{
477 u64 const *words = buffer;
478 u64 const *endp = words + len / sizeof (u64);
479 u64 x[16];
480 u64 a = ctx->state[0];
481 u64 b = ctx->state[1];
482 u64 c = ctx->state[2];
483 u64 d = ctx->state[3];
484 u64 e = ctx->state[4];
485 u64 f = ctx->state[5];
486 u64 g = ctx->state[6];
487 u64 h = ctx->state[7];
488
489 /* First increment the byte count. FIPS PUB 180-2 specifies the possible
490 length of the file up to 2^128 bits. Here we only compute the
491 number of bytes. Do a double word increment. */
492 ctx->total[0] = u64plus (ctx->total[0], u64lo (len));
493 if (u64lt (ctx->total[0], u64lo (len)))
494 ctx->total[1] = u64plus (ctx->total[1], u64lo (1));
495
496#define S0(x) u64xor (u64rol(x, 63), u64xor (u64rol (x, 56), u64shr (x, 7)))
497#define S1(x) u64xor (u64rol (x, 45), u64xor (u64rol (x, 3), u64shr (x, 6)))
498#define SS0(x) u64xor (u64rol (x, 36), u64xor (u64rol (x, 30), u64rol (x, 25)))
499#define SS1(x) u64xor (u64rol(x, 50), u64xor (u64rol (x, 46), u64rol (x, 23)))
500
501#define M(I) (x[(I) & 15] \
502 = u64plus (x[(I) & 15], \
503 u64plus (S1 (x[((I) - 2) & 15]), \
504 u64plus (x[((I) - 7) & 15], \
505 S0 (x[((I) - 15) & 15])))))
506
507#define R(A, B, C, D, E, F, G, H, K, M) \
508 do \
509 { \
510 u64 t0 = u64plus (SS0 (A), F2 (A, B, C)); \
511 u64 t1 = \
512 u64plus (H, u64plus (SS1 (E), \
513 u64plus (F1 (E, F, G), u64plus (K, M)))); \
514 D = u64plus (D, t1); \
515 H = u64plus (t0, t1); \
516 } \
517 while (0)
518
519 while (words < endp)
520 {
521 int t;
522 /* FIXME: see sha1.c for a better implementation. */
523 for (t = 0; t < 16; t++)
524 {
525 x[t] = SWAP (*words);
526 words++;
527 }
528
529 R( a, b, c, d, e, f, g, h, K( 0), x[ 0] );
530 R( h, a, b, c, d, e, f, g, K( 1), x[ 1] );
531 R( g, h, a, b, c, d, e, f, K( 2), x[ 2] );
532 R( f, g, h, a, b, c, d, e, K( 3), x[ 3] );
533 R( e, f, g, h, a, b, c, d, K( 4), x[ 4] );
534 R( d, e, f, g, h, a, b, c, K( 5), x[ 5] );
535 R( c, d, e, f, g, h, a, b, K( 6), x[ 6] );
536 R( b, c, d, e, f, g, h, a, K( 7), x[ 7] );
537 R( a, b, c, d, e, f, g, h, K( 8), x[ 8] );
538 R( h, a, b, c, d, e, f, g, K( 9), x[ 9] );
539 R( g, h, a, b, c, d, e, f, K(10), x[10] );
540 R( f, g, h, a, b, c, d, e, K(11), x[11] );
541 R( e, f, g, h, a, b, c, d, K(12), x[12] );
542 R( d, e, f, g, h, a, b, c, K(13), x[13] );
543 R( c, d, e, f, g, h, a, b, K(14), x[14] );
544 R( b, c, d, e, f, g, h, a, K(15), x[15] );
545 R( a, b, c, d, e, f, g, h, K(16), M(16) );
546 R( h, a, b, c, d, e, f, g, K(17), M(17) );
547 R( g, h, a, b, c, d, e, f, K(18), M(18) );
548 R( f, g, h, a, b, c, d, e, K(19), M(19) );
549 R( e, f, g, h, a, b, c, d, K(20), M(20) );
550 R( d, e, f, g, h, a, b, c, K(21), M(21) );
551 R( c, d, e, f, g, h, a, b, K(22), M(22) );
552 R( b, c, d, e, f, g, h, a, K(23), M(23) );
553 R( a, b, c, d, e, f, g, h, K(24), M(24) );
554 R( h, a, b, c, d, e, f, g, K(25), M(25) );
555 R( g, h, a, b, c, d, e, f, K(26), M(26) );
556 R( f, g, h, a, b, c, d, e, K(27), M(27) );
557 R( e, f, g, h, a, b, c, d, K(28), M(28) );
558 R( d, e, f, g, h, a, b, c, K(29), M(29) );
559 R( c, d, e, f, g, h, a, b, K(30), M(30) );
560 R( b, c, d, e, f, g, h, a, K(31), M(31) );
561 R( a, b, c, d, e, f, g, h, K(32), M(32) );
562 R( h, a, b, c, d, e, f, g, K(33), M(33) );
563 R( g, h, a, b, c, d, e, f, K(34), M(34) );
564 R( f, g, h, a, b, c, d, e, K(35), M(35) );
565 R( e, f, g, h, a, b, c, d, K(36), M(36) );
566 R( d, e, f, g, h, a, b, c, K(37), M(37) );
567 R( c, d, e, f, g, h, a, b, K(38), M(38) );
568 R( b, c, d, e, f, g, h, a, K(39), M(39) );
569 R( a, b, c, d, e, f, g, h, K(40), M(40) );
570 R( h, a, b, c, d, e, f, g, K(41), M(41) );
571 R( g, h, a, b, c, d, e, f, K(42), M(42) );
572 R( f, g, h, a, b, c, d, e, K(43), M(43) );
573 R( e, f, g, h, a, b, c, d, K(44), M(44) );
574 R( d, e, f, g, h, a, b, c, K(45), M(45) );
575 R( c, d, e, f, g, h, a, b, K(46), M(46) );
576 R( b, c, d, e, f, g, h, a, K(47), M(47) );
577 R( a, b, c, d, e, f, g, h, K(48), M(48) );
578 R( h, a, b, c, d, e, f, g, K(49), M(49) );
579 R( g, h, a, b, c, d, e, f, K(50), M(50) );
580 R( f, g, h, a, b, c, d, e, K(51), M(51) );
581 R( e, f, g, h, a, b, c, d, K(52), M(52) );
582 R( d, e, f, g, h, a, b, c, K(53), M(53) );
583 R( c, d, e, f, g, h, a, b, K(54), M(54) );
584 R( b, c, d, e, f, g, h, a, K(55), M(55) );
585 R( a, b, c, d, e, f, g, h, K(56), M(56) );
586 R( h, a, b, c, d, e, f, g, K(57), M(57) );
587 R( g, h, a, b, c, d, e, f, K(58), M(58) );
588 R( f, g, h, a, b, c, d, e, K(59), M(59) );
589 R( e, f, g, h, a, b, c, d, K(60), M(60) );
590 R( d, e, f, g, h, a, b, c, K(61), M(61) );
591 R( c, d, e, f, g, h, a, b, K(62), M(62) );
592 R( b, c, d, e, f, g, h, a, K(63), M(63) );
593 R( a, b, c, d, e, f, g, h, K(64), M(64) );
594 R( h, a, b, c, d, e, f, g, K(65), M(65) );
595 R( g, h, a, b, c, d, e, f, K(66), M(66) );
596 R( f, g, h, a, b, c, d, e, K(67), M(67) );
597 R( e, f, g, h, a, b, c, d, K(68), M(68) );
598 R( d, e, f, g, h, a, b, c, K(69), M(69) );
599 R( c, d, e, f, g, h, a, b, K(70), M(70) );
600 R( b, c, d, e, f, g, h, a, K(71), M(71) );
601 R( a, b, c, d, e, f, g, h, K(72), M(72) );
602 R( h, a, b, c, d, e, f, g, K(73), M(73) );
603 R( g, h, a, b, c, d, e, f, K(74), M(74) );
604 R( f, g, h, a, b, c, d, e, K(75), M(75) );
605 R( e, f, g, h, a, b, c, d, K(76), M(76) );
606 R( d, e, f, g, h, a, b, c, K(77), M(77) );
607 R( c, d, e, f, g, h, a, b, K(78), M(78) );
608 R( b, c, d, e, f, g, h, a, K(79), M(79) );
609
610 a = ctx->state[0] = u64plus (ctx->state[0], a);
611 b = ctx->state[1] = u64plus (ctx->state[1], b);
612 c = ctx->state[2] = u64plus (ctx->state[2], c);
613 d = ctx->state[3] = u64plus (ctx->state[3], d);
614 e = ctx->state[4] = u64plus (ctx->state[4], e);
615 f = ctx->state[5] = u64plus (ctx->state[5], f);
616 g = ctx->state[6] = u64plus (ctx->state[6], g);
617 h = ctx->state[7] = u64plus (ctx->state[7], h);
618 }
619}
diff --git a/lib/sha512.h b/lib/sha512.h
new file mode 100644
index 00000000000..af8b354ebd0
--- /dev/null
+++ b/lib/sha512.h
@@ -0,0 +1,95 @@
1/* Declarations of functions and data types used for SHA512 and SHA384 sum
2 library functions.
3 Copyright (C) 2005-2006, 2008-2011 Free Software Foundation, Inc.
4
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. */
17
18#ifndef SHA512_H
19# define SHA512_H 1
20
21# include <stdio.h>
22
23# include "u64.h"
24
25# ifdef __cplusplus
26extern "C" {
27# endif
28
29/* Structure to save state of computation between the single steps. */
30struct sha512_ctx
31{
32 u64 state[8];
33
34 u64 total[2];
35 size_t buflen;
36 u64 buffer[32];
37};
38
39enum { SHA384_DIGEST_SIZE = 384 / 8 };
40enum { SHA512_DIGEST_SIZE = 512 / 8 };
41
42/* Initialize structure containing state of computation. */
43extern void sha512_init_ctx (struct sha512_ctx *ctx);
44extern void sha384_init_ctx (struct sha512_ctx *ctx);
45
46/* Starting with the result of former calls of this function (or the
47 initialization function update the context for the next LEN bytes
48 starting at BUFFER.
49 It is necessary that LEN is a multiple of 128!!! */
50extern void sha512_process_block (const void *buffer, size_t len,
51 struct sha512_ctx *ctx);
52
53/* Starting with the result of former calls of this function (or the
54 initialization function update the context for the next LEN bytes
55 starting at BUFFER.
56 It is NOT required that LEN is a multiple of 128. */
57extern void sha512_process_bytes (const void *buffer, size_t len,
58 struct sha512_ctx *ctx);
59
60/* Process the remaining bytes in the buffer and put result from CTX
61 in first 64 (48) bytes following RESBUF. The result is always in little
62 endian byte order, so that a byte-wise output yields to the wanted
63 ASCII representation of the message digest. */
64extern void *sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf);
65extern void *sha384_finish_ctx (struct sha512_ctx *ctx, void *resbuf);
66
67
68/* Put result from CTX in first 64 (48) bytes following RESBUF. The result is
69 always in little endian byte order, so that a byte-wise output yields
70 to the wanted ASCII representation of the message digest.
71
72 IMPORTANT: On some systems it is required that RESBUF is correctly
73 aligned for a 32 bits value. */
74extern void *sha512_read_ctx (const struct sha512_ctx *ctx, void *resbuf);
75extern void *sha384_read_ctx (const struct sha512_ctx *ctx, void *resbuf);
76
77
78/* Compute SHA512 (SHA384) message digest for bytes read from STREAM. The
79 resulting message digest number will be written into the 64 (48) bytes
80 beginning at RESBLOCK. */
81extern int sha512_stream (FILE *stream, void *resblock);
82extern int sha384_stream (FILE *stream, void *resblock);
83
84/* Compute SHA512 (SHA384) message digest for LEN bytes beginning at BUFFER. The
85 result is always in little endian byte order, so that a byte-wise
86 output yields to the wanted ASCII representation of the message
87 digest. */
88extern void *sha512_buffer (const char *buffer, size_t len, void *resblock);
89extern void *sha384_buffer (const char *buffer, size_t len, void *resblock);
90
91# ifdef __cplusplus
92}
93# endif
94
95#endif
diff --git a/lib/u64.h b/lib/u64.h
new file mode 100644
index 00000000000..182d64955aa
--- /dev/null
+++ b/lib/u64.h
@@ -0,0 +1,158 @@
1/* uint64_t-like operations that work even on hosts lacking uint64_t
2
3 Copyright (C) 2006, 2009-2011 Free Software Foundation, Inc.
4
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>. */
17
18/* Written by Paul Eggert. */
19
20#include <stdint.h>
21
22/* Return X rotated left by N bits, where 0 < N < 64. */
23#define u64rol(x, n) u64or (u64shl (x, n), u64shr (x, 64 - n))
24
25#ifdef UINT64_MAX
26
27/* Native implementations are trivial. See below for comments on what
28 these operations do. */
29typedef uint64_t u64;
30# define u64hilo(hi, lo) ((u64) (((u64) (hi) << 32) + (lo)))
31# define u64init(hi, lo) u64hilo (hi, lo)
32# define u64lo(x) ((u64) (x))
33# define u64lt(x, y) ((x) < (y))
34# define u64and(x, y) ((x) & (y))
35# define u64or(x, y) ((x) | (y))
36# define u64xor(x, y) ((x) ^ (y))
37# define u64plus(x, y) ((x) + (y))
38# define u64shl(x, n) ((x) << (n))
39# define u64shr(x, n) ((x) >> (n))
40
41#else
42
43/* u64 is a 64-bit unsigned integer value.
44 u64init (HI, LO), is like u64hilo (HI, LO), but for use in
45 initializer contexts. */
46# ifdef WORDS_BIGENDIAN
47typedef struct { uint32_t hi, lo; } u64;
48# define u64init(hi, lo) { hi, lo }
49# else
50typedef struct { uint32_t lo, hi; } u64;
51# define u64init(hi, lo) { lo, hi }
52# endif
53
54/* Given the high and low-order 32-bit quantities HI and LO, return a u64
55 value representing (HI << 32) + LO. */
56static inline u64
57u64hilo (uint32_t hi, uint32_t lo)
58{
59 u64 r;
60 r.hi = hi;
61 r.lo = lo;
62 return r;
63}
64
65/* Return a u64 value representing LO. */
66static inline u64
67u64lo (uint32_t lo)
68{
69 u64 r;
70 r.hi = 0;
71 r.lo = lo;
72 return r;
73}
74
75/* Return X < Y. */
76static inline int
77u64lt (u64 x, u64 y)
78{
79 return x.hi < y.hi || (x.hi == y.hi && x.lo < y.lo);
80}
81
82/* Return X & Y. */
83static inline u64
84u64and (u64 x, u64 y)
85{
86 u64 r;
87 r.hi = x.hi & y.hi;
88 r.lo = x.lo & y.lo;
89 return r;
90}
91
92/* Return X | Y. */
93static inline u64
94u64or (u64 x, u64 y)
95{
96 u64 r;
97 r.hi = x.hi | y.hi;
98 r.lo = x.lo | y.lo;
99 return r;
100}
101
102/* Return X ^ Y. */
103static inline u64
104u64xor (u64 x, u64 y)
105{
106 u64 r;
107 r.hi = x.hi ^ y.hi;
108 r.lo = x.lo ^ y.lo;
109 return r;
110}
111
112/* Return X + Y. */
113static inline u64
114u64plus (u64 x, u64 y)
115{
116 u64 r;
117 r.lo = x.lo + y.lo;
118 r.hi = x.hi + y.hi + (r.lo < x.lo);
119 return r;
120}
121
122/* Return X << N. */
123static inline u64
124u64shl (u64 x, int n)
125{
126 u64 r;
127 if (n < 32)
128 {
129 r.hi = (x.hi << n) | (x.lo >> (32 - n));
130 r.lo = x.lo << n;
131 }
132 else
133 {
134 r.hi = x.lo << (n - 32);
135 r.lo = 0;
136 }
137 return r;
138}
139
140/* Return X >> N. */
141static inline u64
142u64shr (u64 x, int n)
143{
144 u64 r;
145 if (n < 32)
146 {
147 r.hi = x.hi >> n;
148 r.lo = (x.hi << (32 - n)) | (x.lo >> n);
149 }
150 else
151 {
152 r.hi = 0;
153 r.lo = x.hi >> (n - 32);
154 }
155 return r;
156}
157
158#endif
generated by cgit v1.2.1 (git 2.18.0) at 2026-03-06 22:58:45 +0000