"Fossies" - the Fresh Open Source Software Archive 
Member "xorriso-1.5.4/libjte/sha512.c" (30 Jan 2021, 14519 Bytes) of package /linux/misc/xorriso-1.5.4.pl02.tar.gz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
For more information about "sha512.c" see the
Fossies "Dox" file reference documentation and the last
Fossies "Diffs" side-by-side code changes report:
1.5.2_vs_1.5.4.
1 /* Functions to compute SHA512 message digest of files or memory blocks.
2 according to the definition of SHA512 in FIPS 180-2.
3 Copyright (C) 2007 Free Software Foundation, Inc.
4
5 Copied here from the GNU C Library version 2.7 on the 10 May 2009
6 by Steve McIntyre <93sam@debian.org>. This code was under LGPL v2.1
7 in glibc, and that license gives us the option to use and
8 distribute the code under the terms of the GPL v2 instead. I'm
9 taking that option.
10
11 This program is free software; you can redistribute it and/or modify it
12 under the terms of the GNU General Public License as published by the
13 Free Software Foundation; either version 2, or (at your option) any
14 later version.
15
16 This program is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
20
21 You should have received a copy of the GNU General Public License
22 along with this program; if not, write to the Free Software Foundation,
23 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
24
25 /* Written by Ulrich Drepper <drepper@redhat.com>, 2007. */
26
27 #ifdef HAVE_CONFIG_H
28 #include "../config.h"
29 #endif
30
31 #include <stdlib.h>
32 #include <string.h>
33 #include <sys/types.h>
34
35 #include "sha512.h"
36
37 #if __BYTE_ORDER == __LITTLE_ENDIAN
38 # ifdef _LIBC
39 # include <byteswap.h>
40 # define SWAP(n) bswap_64 (n)
41 # else
42 # define SWAP(n) \
43 (((n) << 56) \
44 | (((n) & 0xff00) << 40) \
45 | (((n) & 0xff0000) << 24) \
46 | (((n) & 0xff000000) << 8) \
47 | (((n) >> 8) & 0xff000000) \
48 | (((n) >> 24) & 0xff0000) \
49 | (((n) >> 40) & 0xff00) \
50 | ((n) >> 56))
51 # endif
52 #else
53 # define SWAP(n) (n)
54 #endif
55
56
57 /* This array contains the bytes used to pad the buffer to the next
58 64-byte boundary. (FIPS 180-2:5.1.2) */
59 static const unsigned char fillbuf[128] = { 0x80, 0 /* , 0, 0, ... */ };
60
61
62 /* Constants for SHA512 from FIPS 180-2:4.2.3. */
63
64 #define LIBJTE_INITIALIZE_32 yes
65
66 #ifdef LIBJTE_INITIALIZE_32
67
68 static uint64_t K[80];
69 static int K_initialized = 0;
70 /* 64 bit numbers have been split into 32 bit patterns because some compilers
71 have problems with 64 bit constants.
72 The 64 bit array gets composed in the first call of sha512_init_ctx().
73 This is thread safe because any concurrent writes would write the same
74 value to the same address.
75 */
76 static const uint32_t K32[160] =
77 {
78 0x428a2f98 , 0xd728ae22 , 0x71374491 , 0x23ef65cd ,
79 0xb5c0fbcf , 0xec4d3b2f , 0xe9b5dba5 , 0x8189dbbc ,
80 0x3956c25b , 0xf348b538 , 0x59f111f1 , 0xb605d019 ,
81 0x923f82a4 , 0xaf194f9b , 0xab1c5ed5 , 0xda6d8118 ,
82 0xd807aa98 , 0xa3030242 , 0x12835b01 , 0x45706fbe ,
83 0x243185be , 0x4ee4b28c , 0x550c7dc3 , 0xd5ffb4e2 ,
84 0x72be5d74 , 0xf27b896f , 0x80deb1fe , 0x3b1696b1 ,
85 0x9bdc06a7 , 0x25c71235 , 0xc19bf174 , 0xcf692694 ,
86 0xe49b69c1 , 0x9ef14ad2 , 0xefbe4786 , 0x384f25e3 ,
87 0x0fc19dc6 , 0x8b8cd5b5 , 0x240ca1cc , 0x77ac9c65 ,
88 0x2de92c6f , 0x592b0275 , 0x4a7484aa , 0x6ea6e483 ,
89 0x5cb0a9dc , 0xbd41fbd4 , 0x76f988da , 0x831153b5 ,
90 0x983e5152 , 0xee66dfab , 0xa831c66d , 0x2db43210 ,
91 0xb00327c8 , 0x98fb213f , 0xbf597fc7 , 0xbeef0ee4 ,
92 0xc6e00bf3 , 0x3da88fc2 , 0xd5a79147 , 0x930aa725 ,
93 0x06ca6351 , 0xe003826f , 0x14292967 , 0x0a0e6e70 ,
94 0x27b70a85 , 0x46d22ffc , 0x2e1b2138 , 0x5c26c926 ,
95 0x4d2c6dfc , 0x5ac42aed , 0x53380d13 , 0x9d95b3df ,
96 0x650a7354 , 0x8baf63de , 0x766a0abb , 0x3c77b2a8 ,
97 0x81c2c92e , 0x47edaee6 , 0x92722c85 , 0x1482353b ,
98 0xa2bfe8a1 , 0x4cf10364 , 0xa81a664b , 0xbc423001 ,
99 0xc24b8b70 , 0xd0f89791 , 0xc76c51a3 , 0x0654be30 ,
100 0xd192e819 , 0xd6ef5218 , 0xd6990624 , 0x5565a910 ,
101 0xf40e3585 , 0x5771202a , 0x106aa070 , 0x32bbd1b8 ,
102 0x19a4c116 , 0xb8d2d0c8 , 0x1e376c08 , 0x5141ab53 ,
103 0x2748774c , 0xdf8eeb99 , 0x34b0bcb5 , 0xe19b48a8 ,
104 0x391c0cb3 , 0xc5c95a63 , 0x4ed8aa4a , 0xe3418acb ,
105 0x5b9cca4f , 0x7763e373 , 0x682e6ff3 , 0xd6b2b8a3 ,
106 0x748f82ee , 0x5defb2fc , 0x78a5636f , 0x43172f60 ,
107 0x84c87814 , 0xa1f0ab72 , 0x8cc70208 , 0x1a6439ec ,
108 0x90befffa , 0x23631e28 , 0xa4506ceb , 0xde82bde9 ,
109 0xbef9a3f7 , 0xb2c67915 , 0xc67178f2 , 0xe372532b ,
110 0xca273ece , 0xea26619c , 0xd186b8c7 , 0x21c0c207 ,
111 0xeada7dd6 , 0xcde0eb1e , 0xf57d4f7f , 0xee6ed178 ,
112 0x06f067aa , 0x72176fba , 0x0a637dc5 , 0xa2c898a6 ,
113 0x113f9804 , 0xbef90dae , 0x1b710b35 , 0x131c471b ,
114 0x28db77f5 , 0x23047d84 , 0x32caab7b , 0x40c72493 ,
115 0x3c9ebe0a , 0x15c9bebc , 0x431d67c4 , 0x9c100d4c ,
116 0x4cc5d4be , 0xcb3e42b6 , 0x597f299c , 0xfc657e2a ,
117 0x5fcb6fab , 0x3ad6faec , 0x6c44198c , 0x4a475817
118 };
119
120 #else /* LIBJTE_INITIALIZE_32 */
121
122 static const uint64_t K[80] =
123 {
124 UINT64_C (0x428a2f98d728ae22), UINT64_C (0x7137449123ef65cd),
125 UINT64_C (0xb5c0fbcfec4d3b2f), UINT64_C (0xe9b5dba58189dbbc),
126 UINT64_C (0x3956c25bf348b538), UINT64_C (0x59f111f1b605d019),
127 UINT64_C (0x923f82a4af194f9b), UINT64_C (0xab1c5ed5da6d8118),
128 UINT64_C (0xd807aa98a3030242), UINT64_C (0x12835b0145706fbe),
129 UINT64_C (0x243185be4ee4b28c), UINT64_C (0x550c7dc3d5ffb4e2),
130 UINT64_C (0x72be5d74f27b896f), UINT64_C (0x80deb1fe3b1696b1),
131 UINT64_C (0x9bdc06a725c71235), UINT64_C (0xc19bf174cf692694),
132 UINT64_C (0xe49b69c19ef14ad2), UINT64_C (0xefbe4786384f25e3),
133 UINT64_C (0x0fc19dc68b8cd5b5), UINT64_C (0x240ca1cc77ac9c65),
134 UINT64_C (0x2de92c6f592b0275), UINT64_C (0x4a7484aa6ea6e483),
135 UINT64_C (0x5cb0a9dcbd41fbd4), UINT64_C (0x76f988da831153b5),
136 UINT64_C (0x983e5152ee66dfab), UINT64_C (0xa831c66d2db43210),
137 UINT64_C (0xb00327c898fb213f), UINT64_C (0xbf597fc7beef0ee4),
138 UINT64_C (0xc6e00bf33da88fc2), UINT64_C (0xd5a79147930aa725),
139 UINT64_C (0x06ca6351e003826f), UINT64_C (0x142929670a0e6e70),
140 UINT64_C (0x27b70a8546d22ffc), UINT64_C (0x2e1b21385c26c926),
141 UINT64_C (0x4d2c6dfc5ac42aed), UINT64_C (0x53380d139d95b3df),
142 UINT64_C (0x650a73548baf63de), UINT64_C (0x766a0abb3c77b2a8),
143 UINT64_C (0x81c2c92e47edaee6), UINT64_C (0x92722c851482353b),
144 UINT64_C (0xa2bfe8a14cf10364), UINT64_C (0xa81a664bbc423001),
145 UINT64_C (0xc24b8b70d0f89791), UINT64_C (0xc76c51a30654be30),
146 UINT64_C (0xd192e819d6ef5218), UINT64_C (0xd69906245565a910),
147 UINT64_C (0xf40e35855771202a), UINT64_C (0x106aa07032bbd1b8),
148 UINT64_C (0x19a4c116b8d2d0c8), UINT64_C (0x1e376c085141ab53),
149 UINT64_C (0x2748774cdf8eeb99), UINT64_C (0x34b0bcb5e19b48a8),
150 UINT64_C (0x391c0cb3c5c95a63), UINT64_C (0x4ed8aa4ae3418acb),
151 UINT64_C (0x5b9cca4f7763e373), UINT64_C (0x682e6ff3d6b2b8a3),
152 UINT64_C (0x748f82ee5defb2fc), UINT64_C (0x78a5636f43172f60),
153 UINT64_C (0x84c87814a1f0ab72), UINT64_C (0x8cc702081a6439ec),
154 UINT64_C (0x90befffa23631e28), UINT64_C (0xa4506cebde82bde9),
155 UINT64_C (0xbef9a3f7b2c67915), UINT64_C (0xc67178f2e372532b),
156 UINT64_C (0xca273eceea26619c), UINT64_C (0xd186b8c721c0c207),
157 UINT64_C (0xeada7dd6cde0eb1e), UINT64_C (0xf57d4f7fee6ed178),
158 UINT64_C (0x06f067aa72176fba), UINT64_C (0x0a637dc5a2c898a6),
159 UINT64_C (0x113f9804bef90dae), UINT64_C (0x1b710b35131c471b),
160 UINT64_C (0x28db77f523047d84), UINT64_C (0x32caab7b40c72493),
161 UINT64_C (0x3c9ebe0a15c9bebc), UINT64_C (0x431d67c49c100d4c),
162 UINT64_C (0x4cc5d4becb3e42b6), UINT64_C (0x597f299cfc657e2a),
163 UINT64_C (0x5fcb6fab3ad6faec), UINT64_C (0x6c44198c4a475817)
164 };
165
166 #endif /* ! LIBJTE_INITIALIZE_32 */
167
168
169 /* Process LEN bytes of BUFFER, accumulating context into CTX.
170 It is assumed that LEN % 128 == 0. */
171 static void
172 sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx)
173 {
174 const uint64_t *words = buffer;
175 size_t nwords = len / sizeof (uint64_t);
176 uint64_t a = ctx->H[0];
177 uint64_t b = ctx->H[1];
178 uint64_t c = ctx->H[2];
179 uint64_t d = ctx->H[3];
180 uint64_t e = ctx->H[4];
181 uint64_t f = ctx->H[5];
182 uint64_t g = ctx->H[6];
183 uint64_t h = ctx->H[7];
184
185 /* First increment the byte count. FIPS 180-2 specifies the possible
186 length of the file up to 2^128 bits. Here we only compute the
187 number of bytes. Do a double word increment. */
188 ctx->total[0] += len;
189 if (ctx->total[0] < len)
190 ++ctx->total[1];
191
192 /* Process all bytes in the buffer with 128 bytes in each round of
193 the loop. */
194 while (nwords > 0)
195 {
196 uint64_t W[80];
197 uint64_t a_save = a;
198 uint64_t b_save = b;
199 uint64_t c_save = c;
200 uint64_t d_save = d;
201 uint64_t e_save = e;
202 uint64_t f_save = f;
203 uint64_t g_save = g;
204 uint64_t h_save = h;
205 unsigned int t;
206
207 /* Operators defined in FIPS 180-2:4.1.2. */
208 #define Ch(x, y, z) ((x & y) ^ (~x & z))
209 #define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
210 #define S0(x) (CYCLIC (x, 28) ^ CYCLIC (x, 34) ^ CYCLIC (x, 39))
211 #define S1(x) (CYCLIC (x, 14) ^ CYCLIC (x, 18) ^ CYCLIC (x, 41))
212 #define R0(x) (CYCLIC (x, 1) ^ CYCLIC (x, 8) ^ (x >> 7))
213 #define R1(x) (CYCLIC (x, 19) ^ CYCLIC (x, 61) ^ (x >> 6))
214
215 /* It is unfortunate that C does not provide an operator for
216 cyclic rotation. Hope the C compiler is smart enough. */
217 #define CYCLIC(w, s) ((w >> s) | (w << (64 - s)))
218
219 /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2. */
220 for (t = 0; t < 16; ++t)
221 {
222 W[t] = SWAP (*words);
223 ++words;
224 }
225 for (t = 16; t < 80; ++t)
226 W[t] = R1 (W[t - 2]) + W[t - 7] + R0 (W[t - 15]) + W[t - 16];
227
228 /* The actual computation according to FIPS 180-2:6.3.2 step 3. */
229 for (t = 0; t < 80; ++t)
230 {
231 uint64_t T1 = h + S1 (e) + Ch (e, f, g) + K[t] + W[t];
232 uint64_t T2 = S0 (a) + Maj (a, b, c);
233 h = g;
234 g = f;
235 f = e;
236 e = d + T1;
237 d = c;
238 c = b;
239 b = a;
240 a = T1 + T2;
241 }
242
243 /* Add the starting values of the context according to FIPS 180-2:6.3.2
244 step 4. */
245 a += a_save;
246 b += b_save;
247 c += c_save;
248 d += d_save;
249 e += e_save;
250 f += f_save;
251 g += g_save;
252 h += h_save;
253
254 /* Prepare for the next round. */
255 nwords -= 16;
256 }
257
258 /* Put checksum in context given as argument. */
259 ctx->H[0] = a;
260 ctx->H[1] = b;
261 ctx->H[2] = c;
262 ctx->H[3] = d;
263 ctx->H[4] = e;
264 ctx->H[5] = f;
265 ctx->H[6] = g;
266 ctx->H[7] = h;
267 }
268
269
270 /* Initialize structure containing state of computation.
271 (FIPS 180-2:5.3.3) */
272 void
273 sha512_init_ctx (struct sha512_ctx *ctx)
274 {
275
276 #ifdef LIBJTE_INITIALIZE_32
277
278 if (!K_initialized) {
279 int i;
280
281 for (i = 0; i < 80; i++)
282 K[i] = (((uint64_t) K32[2 * i]) << 32) | K32[2 * i + 1];
283 K_initialized = 1;
284 }
285
286 ctx->H[0] = (((uint64_t) 0x6a09e667) << 32) | 0xf3bcc908;
287 ctx->H[1] = (((uint64_t) 0xbb67ae85) << 32) | 0x84caa73b;
288 ctx->H[2] = (((uint64_t) 0x3c6ef372) << 32) | 0xfe94f82b;
289 ctx->H[3] = (((uint64_t) 0xa54ff53a) << 32) | 0x5f1d36f1;
290 ctx->H[4] = (((uint64_t) 0x510e527f) << 32) | 0xade682d1;
291 ctx->H[5] = (((uint64_t) 0x9b05688c) << 32) | 0x2b3e6c1f;
292 ctx->H[6] = (((uint64_t) 0x1f83d9ab) << 32) | 0xfb41bd6b;
293 ctx->H[7] = (((uint64_t) 0x5be0cd19) << 32) | 0x137e2179;
294
295 #else /* LIBJTE_INITIALIZE_32 */
296
297 ctx->H[0] = UINT64_C (0x6a09e667f3bcc908);
298 ctx->H[1] = UINT64_C (0xbb67ae8584caa73b);
299 ctx->H[2] = UINT64_C (0x3c6ef372fe94f82b);
300 ctx->H[3] = UINT64_C (0xa54ff53a5f1d36f1);
301 ctx->H[4] = UINT64_C (0x510e527fade682d1);
302 ctx->H[5] = UINT64_C (0x9b05688c2b3e6c1f);
303 ctx->H[6] = UINT64_C (0x1f83d9abfb41bd6b);
304 ctx->H[7] = UINT64_C (0x5be0cd19137e2179);
305
306 #endif /* LIBJTE_INITIALIZE_32 */
307
308 ctx->total[0] = ctx->total[1] = 0;
309 ctx->buflen = 0;
310 }
311
312
313 /* Process the remaining bytes in the internal buffer and the usual
314 prolog according to the standard and write the result to RESBUF.
315
316 IMPORTANT: On some systems it is required that RESBUF is correctly
317 aligned for a 32 bits value. */
318 void *
319 sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf)
320 {
321 /* Take yet unprocessed bytes into account. */
322 uint64_t bytes = ctx->buflen;
323 size_t pad;
324 unsigned int i;
325
326 /* Now count remaining bytes. */
327 ctx->total[0] += bytes;
328 if (ctx->total[0] < bytes)
329 ++ctx->total[1];
330
331 pad = bytes >= 112 ? 128 + 112 - bytes : 112 - bytes;
332 memcpy (&ctx->buffer[bytes], fillbuf, pad);
333
334 /* Put the 128-bit file length in *bits* at the end of the buffer. */
335 *(uint64_t *) &ctx->buffer[bytes + pad + 8] = SWAP (ctx->total[0] << 3);
336 *(uint64_t *) &ctx->buffer[bytes + pad] = SWAP ((ctx->total[1] << 3) |
337 (ctx->total[0] >> 61));
338
339 /* Process last bytes. */
340 sha512_process_block (ctx->buffer, bytes + pad + 16, ctx);
341
342 /* Put result from CTX in first 64 bytes following RESBUF. */
343 for (i = 0; i < 8; ++i)
344 ((uint64_t *) resbuf)[i] = SWAP (ctx->H[i]);
345
346 return resbuf;
347 }
348
349
350 void
351 sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx)
352 {
353 /* When we already have some bits in our internal buffer concatenate
354 both inputs first. */
355 if (ctx->buflen != 0)
356 {
357 size_t left_over = ctx->buflen;
358 size_t add = 256 - left_over > len ? len : 256 - left_over;
359
360 memcpy (&ctx->buffer[left_over], buffer, add);
361 ctx->buflen += add;
362
363 if (ctx->buflen > 128)
364 {
365 sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx);
366
367 ctx->buflen &= 127;
368 /* The regions in the following copy operation cannot overlap. */
369 memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~127],
370 ctx->buflen);
371 }
372
373 buffer = (const char *) buffer + add;
374 len -= add;
375 }
376
377 /* Process available complete blocks. */
378 if (len >= 128)
379 {
380 #if !_STRING_ARCH_unaligned
381 /* To check alignment gcc has an appropriate operator. Other
382 compilers don't. */
383 # if __GNUC__ >= 2
384 # define UNALIGNED_P(p) (((uintptr_t) p) % __alignof__ (uint64_t) != 0)
385 # else
386 # define UNALIGNED_P(p) (((uintptr_t) p) % sizeof (uint64_t) != 0)
387 # endif
388 if (UNALIGNED_P (buffer))
389 while (len > 128)
390 {
391 sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128,
392 ctx);
393 buffer = (const char *) buffer + 128;
394 len -= 128;
395 }
396 else
397 #endif
398 {
399 sha512_process_block (buffer, len & ~127, ctx);
400 buffer = (const char *) buffer + (len & ~127);
401 len &= 127;
402 }
403 }
404
405 /* Move remaining bytes into internal buffer. */
406 if (len > 0)
407 {
408 size_t left_over = ctx->buflen;
409
410 memcpy (&ctx->buffer[left_over], buffer, len);
411 left_over += len;
412 if (left_over >= 128)
413 {
414 sha512_process_block (ctx->buffer, 128, ctx);
415 left_over -= 128;
416 memcpy (ctx->buffer, &ctx->buffer[128], left_over);
417 }
418 ctx->buflen = left_over;
419 }
420 }