"Fossies" - the Fresh Open Source Software Archive

Member "xorriso-1.5.4/libjte/sha512.c" (30 Jan 2021, 14519 Bytes) of package /linux/misc/xorriso-1.5.4.pl02.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "sha512.c" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 1.5.2_vs_1.5.4.

    1 /* Functions to compute SHA512 message digest of files or memory blocks.
    2    according to the definition of SHA512 in FIPS 180-2.
    3    Copyright (C) 2007 Free Software Foundation, Inc.
    4 
    5    Copied here from the GNU C Library version 2.7 on the 10 May 2009
    6    by Steve McIntyre <93sam@debian.org>. This code was under LGPL v2.1
    7    in glibc, and that license gives us the option to use and
    8    distribute the code under the terms of the GPL v2 instead. I'm
    9    taking that option.
   10 
   11    This program is free software; you can redistribute it and/or modify it
   12    under the terms of the GNU General Public License as published by the
   13    Free Software Foundation; either version 2, or (at your option) any
   14    later version.
   15 
   16    This program is distributed in the hope that it will be useful,
   17    but WITHOUT ANY WARRANTY; without even the implied warranty of
   18    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   19    GNU General Public License for more details.
   20 
   21    You should have received a copy of the GNU General Public License
   22    along with this program; if not, write to the Free Software Foundation,
   23    Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.  */
   24 
   25 /* Written by Ulrich Drepper <drepper@redhat.com>, 2007.  */
   26 
   27 #ifdef HAVE_CONFIG_H
   28 #include "../config.h"
   29 #endif
   30 
   31 #include <stdlib.h>
   32 #include <string.h>
   33 #include <sys/types.h>
   34 
   35 #include "sha512.h"
   36 
   37 #if __BYTE_ORDER == __LITTLE_ENDIAN
   38 # ifdef _LIBC
   39 #  include <byteswap.h>
   40 #  define SWAP(n) bswap_64 (n)
   41 # else
   42 #  define SWAP(n) \
   43   (((n) << 56)                  \
   44    | (((n) & 0xff00) << 40)         \
   45    | (((n) & 0xff0000) << 24)           \
   46    | (((n) & 0xff000000) << 8)          \
   47    | (((n) >> 8) & 0xff000000)          \
   48    | (((n) >> 24) & 0xff0000)           \
   49    | (((n) >> 40) & 0xff00)         \
   50    | ((n) >> 56))
   51 # endif
   52 #else
   53 # define SWAP(n) (n)
   54 #endif
   55 
   56 
   57 /* This array contains the bytes used to pad the buffer to the next
   58    64-byte boundary.  (FIPS 180-2:5.1.2)  */
   59 static const unsigned char fillbuf[128] = { 0x80, 0 /* , 0, 0, ...  */ };
   60 
   61 
   62 /* Constants for SHA512 from FIPS 180-2:4.2.3.  */
   63 
   64 #define LIBJTE_INITIALIZE_32 yes
   65 
   66 #ifdef LIBJTE_INITIALIZE_32 
   67 
   68 static uint64_t K[80];
   69 static int K_initialized = 0;
   70 /* 64 bit numbers have been split into 32 bit patterns because some compilers
   71    have problems with 64 bit constants.
   72    The 64 bit array gets composed in the first call of sha512_init_ctx().
   73    This is thread safe because any concurrent writes would write the same
   74    value to the same address.
   75 */
   76 static const uint32_t K32[160] =
   77   {
   78     0x428a2f98 , 0xd728ae22 , 0x71374491 , 0x23ef65cd ,
   79     0xb5c0fbcf , 0xec4d3b2f , 0xe9b5dba5 , 0x8189dbbc ,
   80     0x3956c25b , 0xf348b538 , 0x59f111f1 , 0xb605d019 ,
   81     0x923f82a4 , 0xaf194f9b , 0xab1c5ed5 , 0xda6d8118 ,
   82     0xd807aa98 , 0xa3030242 , 0x12835b01 , 0x45706fbe ,
   83     0x243185be , 0x4ee4b28c , 0x550c7dc3 , 0xd5ffb4e2 ,
   84     0x72be5d74 , 0xf27b896f , 0x80deb1fe , 0x3b1696b1 ,
   85     0x9bdc06a7 , 0x25c71235 , 0xc19bf174 , 0xcf692694 ,
   86     0xe49b69c1 , 0x9ef14ad2 , 0xefbe4786 , 0x384f25e3 ,
   87     0x0fc19dc6 , 0x8b8cd5b5 , 0x240ca1cc , 0x77ac9c65 ,
   88     0x2de92c6f , 0x592b0275 , 0x4a7484aa , 0x6ea6e483 ,
   89     0x5cb0a9dc , 0xbd41fbd4 , 0x76f988da , 0x831153b5 ,
   90     0x983e5152 , 0xee66dfab , 0xa831c66d , 0x2db43210 ,
   91     0xb00327c8 , 0x98fb213f , 0xbf597fc7 , 0xbeef0ee4 ,
   92     0xc6e00bf3 , 0x3da88fc2 , 0xd5a79147 , 0x930aa725 ,
   93     0x06ca6351 , 0xe003826f , 0x14292967 , 0x0a0e6e70 ,
   94     0x27b70a85 , 0x46d22ffc , 0x2e1b2138 , 0x5c26c926 ,
   95     0x4d2c6dfc , 0x5ac42aed , 0x53380d13 , 0x9d95b3df ,
   96     0x650a7354 , 0x8baf63de , 0x766a0abb , 0x3c77b2a8 ,
   97     0x81c2c92e , 0x47edaee6 , 0x92722c85 , 0x1482353b ,
   98     0xa2bfe8a1 , 0x4cf10364 , 0xa81a664b , 0xbc423001 ,
   99     0xc24b8b70 , 0xd0f89791 , 0xc76c51a3 , 0x0654be30 ,
  100     0xd192e819 , 0xd6ef5218 , 0xd6990624 , 0x5565a910 ,
  101     0xf40e3585 , 0x5771202a , 0x106aa070 , 0x32bbd1b8 ,
  102     0x19a4c116 , 0xb8d2d0c8 , 0x1e376c08 , 0x5141ab53 ,
  103     0x2748774c , 0xdf8eeb99 , 0x34b0bcb5 , 0xe19b48a8 ,
  104     0x391c0cb3 , 0xc5c95a63 , 0x4ed8aa4a , 0xe3418acb ,
  105     0x5b9cca4f , 0x7763e373 , 0x682e6ff3 , 0xd6b2b8a3 ,
  106     0x748f82ee , 0x5defb2fc , 0x78a5636f , 0x43172f60 ,
  107     0x84c87814 , 0xa1f0ab72 , 0x8cc70208 , 0x1a6439ec ,
  108     0x90befffa , 0x23631e28 , 0xa4506ceb , 0xde82bde9 ,
  109     0xbef9a3f7 , 0xb2c67915 , 0xc67178f2 , 0xe372532b ,
  110     0xca273ece , 0xea26619c , 0xd186b8c7 , 0x21c0c207 ,
  111     0xeada7dd6 , 0xcde0eb1e , 0xf57d4f7f , 0xee6ed178 ,
  112     0x06f067aa , 0x72176fba , 0x0a637dc5 , 0xa2c898a6 ,
  113     0x113f9804 , 0xbef90dae , 0x1b710b35 , 0x131c471b ,
  114     0x28db77f5 , 0x23047d84 , 0x32caab7b , 0x40c72493 ,
  115     0x3c9ebe0a , 0x15c9bebc , 0x431d67c4 , 0x9c100d4c ,
  116     0x4cc5d4be , 0xcb3e42b6 , 0x597f299c , 0xfc657e2a ,
  117     0x5fcb6fab , 0x3ad6faec , 0x6c44198c , 0x4a475817 
  118   };
  119 
  120 #else /* LIBJTE_INITIALIZE_32 */
  121 
  122 static const uint64_t K[80] =
  123  {
  124     UINT64_C (0x428a2f98d728ae22), UINT64_C (0x7137449123ef65cd),
  125     UINT64_C (0xb5c0fbcfec4d3b2f), UINT64_C (0xe9b5dba58189dbbc),
  126     UINT64_C (0x3956c25bf348b538), UINT64_C (0x59f111f1b605d019),
  127     UINT64_C (0x923f82a4af194f9b), UINT64_C (0xab1c5ed5da6d8118),
  128     UINT64_C (0xd807aa98a3030242), UINT64_C (0x12835b0145706fbe),
  129     UINT64_C (0x243185be4ee4b28c), UINT64_C (0x550c7dc3d5ffb4e2),
  130     UINT64_C (0x72be5d74f27b896f), UINT64_C (0x80deb1fe3b1696b1),
  131     UINT64_C (0x9bdc06a725c71235), UINT64_C (0xc19bf174cf692694),
  132     UINT64_C (0xe49b69c19ef14ad2), UINT64_C (0xefbe4786384f25e3),
  133     UINT64_C (0x0fc19dc68b8cd5b5), UINT64_C (0x240ca1cc77ac9c65),
  134     UINT64_C (0x2de92c6f592b0275), UINT64_C (0x4a7484aa6ea6e483),
  135     UINT64_C (0x5cb0a9dcbd41fbd4), UINT64_C (0x76f988da831153b5),
  136     UINT64_C (0x983e5152ee66dfab), UINT64_C (0xa831c66d2db43210),
  137     UINT64_C (0xb00327c898fb213f), UINT64_C (0xbf597fc7beef0ee4),
  138     UINT64_C (0xc6e00bf33da88fc2), UINT64_C (0xd5a79147930aa725),
  139     UINT64_C (0x06ca6351e003826f), UINT64_C (0x142929670a0e6e70),
  140     UINT64_C (0x27b70a8546d22ffc), UINT64_C (0x2e1b21385c26c926),
  141     UINT64_C (0x4d2c6dfc5ac42aed), UINT64_C (0x53380d139d95b3df),
  142     UINT64_C (0x650a73548baf63de), UINT64_C (0x766a0abb3c77b2a8),
  143     UINT64_C (0x81c2c92e47edaee6), UINT64_C (0x92722c851482353b),
  144     UINT64_C (0xa2bfe8a14cf10364), UINT64_C (0xa81a664bbc423001),
  145     UINT64_C (0xc24b8b70d0f89791), UINT64_C (0xc76c51a30654be30),
  146     UINT64_C (0xd192e819d6ef5218), UINT64_C (0xd69906245565a910),
  147     UINT64_C (0xf40e35855771202a), UINT64_C (0x106aa07032bbd1b8),
  148     UINT64_C (0x19a4c116b8d2d0c8), UINT64_C (0x1e376c085141ab53),
  149     UINT64_C (0x2748774cdf8eeb99), UINT64_C (0x34b0bcb5e19b48a8),
  150     UINT64_C (0x391c0cb3c5c95a63), UINT64_C (0x4ed8aa4ae3418acb),
  151     UINT64_C (0x5b9cca4f7763e373), UINT64_C (0x682e6ff3d6b2b8a3),
  152     UINT64_C (0x748f82ee5defb2fc), UINT64_C (0x78a5636f43172f60),
  153     UINT64_C (0x84c87814a1f0ab72), UINT64_C (0x8cc702081a6439ec),
  154     UINT64_C (0x90befffa23631e28), UINT64_C (0xa4506cebde82bde9),
  155     UINT64_C (0xbef9a3f7b2c67915), UINT64_C (0xc67178f2e372532b),
  156     UINT64_C (0xca273eceea26619c), UINT64_C (0xd186b8c721c0c207),
  157     UINT64_C (0xeada7dd6cde0eb1e), UINT64_C (0xf57d4f7fee6ed178),
  158     UINT64_C (0x06f067aa72176fba), UINT64_C (0x0a637dc5a2c898a6),
  159     UINT64_C (0x113f9804bef90dae), UINT64_C (0x1b710b35131c471b),
  160     UINT64_C (0x28db77f523047d84), UINT64_C (0x32caab7b40c72493),
  161     UINT64_C (0x3c9ebe0a15c9bebc), UINT64_C (0x431d67c49c100d4c),
  162     UINT64_C (0x4cc5d4becb3e42b6), UINT64_C (0x597f299cfc657e2a),
  163     UINT64_C (0x5fcb6fab3ad6faec), UINT64_C (0x6c44198c4a475817)
  164   };
  165 
  166 #endif /* ! LIBJTE_INITIALIZE_32 */
  167 
  168 
  169 /* Process LEN bytes of BUFFER, accumulating context into CTX.
  170    It is assumed that LEN % 128 == 0.  */
  171 static void
  172 sha512_process_block (const void *buffer, size_t len, struct sha512_ctx *ctx)
  173 {
  174   const uint64_t *words = buffer;
  175   size_t nwords = len / sizeof (uint64_t);
  176   uint64_t a = ctx->H[0];
  177   uint64_t b = ctx->H[1];
  178   uint64_t c = ctx->H[2];
  179   uint64_t d = ctx->H[3];
  180   uint64_t e = ctx->H[4];
  181   uint64_t f = ctx->H[5];
  182   uint64_t g = ctx->H[6];
  183   uint64_t h = ctx->H[7];
  184 
  185   /* First increment the byte count.  FIPS 180-2 specifies the possible
  186      length of the file up to 2^128 bits.  Here we only compute the
  187      number of bytes.  Do a double word increment.  */
  188   ctx->total[0] += len;
  189   if (ctx->total[0] < len)
  190     ++ctx->total[1];
  191 
  192   /* Process all bytes in the buffer with 128 bytes in each round of
  193      the loop.  */
  194   while (nwords > 0)
  195     {
  196       uint64_t W[80];
  197       uint64_t a_save = a;
  198       uint64_t b_save = b;
  199       uint64_t c_save = c;
  200       uint64_t d_save = d;
  201       uint64_t e_save = e;
  202       uint64_t f_save = f;
  203       uint64_t g_save = g;
  204       uint64_t h_save = h;
  205       unsigned int t;
  206 
  207       /* Operators defined in FIPS 180-2:4.1.2.  */
  208 #define Ch(x, y, z) ((x & y) ^ (~x & z))
  209 #define Maj(x, y, z) ((x & y) ^ (x & z) ^ (y & z))
  210 #define S0(x) (CYCLIC (x, 28) ^ CYCLIC (x, 34) ^ CYCLIC (x, 39))
  211 #define S1(x) (CYCLIC (x, 14) ^ CYCLIC (x, 18) ^ CYCLIC (x, 41))
  212 #define R0(x) (CYCLIC (x, 1) ^ CYCLIC (x, 8) ^ (x >> 7))
  213 #define R1(x) (CYCLIC (x, 19) ^ CYCLIC (x, 61) ^ (x >> 6))
  214 
  215       /* It is unfortunate that C does not provide an operator for
  216      cyclic rotation.  Hope the C compiler is smart enough.  */
  217 #define CYCLIC(w, s) ((w >> s) | (w << (64 - s)))
  218 
  219       /* Compute the message schedule according to FIPS 180-2:6.3.2 step 2.  */
  220       for (t = 0; t < 16; ++t)
  221     {
  222       W[t] = SWAP (*words);
  223       ++words;
  224     }
  225       for (t = 16; t < 80; ++t)
  226     W[t] = R1 (W[t - 2]) + W[t - 7] + R0 (W[t - 15]) + W[t - 16];
  227 
  228       /* The actual computation according to FIPS 180-2:6.3.2 step 3.  */
  229       for (t = 0; t < 80; ++t)
  230     {
  231       uint64_t T1 = h + S1 (e) + Ch (e, f, g) + K[t] + W[t];
  232       uint64_t T2 = S0 (a) + Maj (a, b, c);
  233       h = g;
  234       g = f;
  235       f = e;
  236       e = d + T1;
  237       d = c;
  238       c = b;
  239       b = a;
  240       a = T1 + T2;
  241     }
  242 
  243       /* Add the starting values of the context according to FIPS 180-2:6.3.2
  244      step 4.  */
  245       a += a_save;
  246       b += b_save;
  247       c += c_save;
  248       d += d_save;
  249       e += e_save;
  250       f += f_save;
  251       g += g_save;
  252       h += h_save;
  253 
  254       /* Prepare for the next round.  */
  255       nwords -= 16;
  256     }
  257 
  258   /* Put checksum in context given as argument.  */
  259   ctx->H[0] = a;
  260   ctx->H[1] = b;
  261   ctx->H[2] = c;
  262   ctx->H[3] = d;
  263   ctx->H[4] = e;
  264   ctx->H[5] = f;
  265   ctx->H[6] = g;
  266   ctx->H[7] = h;
  267 }
  268 
  269 
  270 /* Initialize structure containing state of computation.
  271    (FIPS 180-2:5.3.3)  */
  272 void
  273 sha512_init_ctx (struct sha512_ctx *ctx)
  274 {
  275 
  276 #ifdef LIBJTE_INITIALIZE_32
  277 
  278   if (!K_initialized) {
  279       int i;
  280 
  281       for (i = 0; i < 80; i++)
  282           K[i] = (((uint64_t) K32[2 * i]) << 32) | K32[2 * i + 1];
  283       K_initialized = 1;
  284   }
  285 
  286   ctx->H[0] = (((uint64_t) 0x6a09e667) << 32) | 0xf3bcc908;
  287   ctx->H[1] = (((uint64_t) 0xbb67ae85) << 32) | 0x84caa73b;
  288   ctx->H[2] = (((uint64_t) 0x3c6ef372) << 32) | 0xfe94f82b;
  289   ctx->H[3] = (((uint64_t) 0xa54ff53a) << 32) | 0x5f1d36f1;
  290   ctx->H[4] = (((uint64_t) 0x510e527f) << 32) | 0xade682d1;
  291   ctx->H[5] = (((uint64_t) 0x9b05688c) << 32) | 0x2b3e6c1f;
  292   ctx->H[6] = (((uint64_t) 0x1f83d9ab) << 32) | 0xfb41bd6b;
  293   ctx->H[7] = (((uint64_t) 0x5be0cd19) << 32) | 0x137e2179;
  294 
  295 #else /* LIBJTE_INITIALIZE_32 */
  296 
  297   ctx->H[0] = UINT64_C (0x6a09e667f3bcc908);
  298   ctx->H[1] = UINT64_C (0xbb67ae8584caa73b);
  299   ctx->H[2] = UINT64_C (0x3c6ef372fe94f82b);
  300   ctx->H[3] = UINT64_C (0xa54ff53a5f1d36f1);
  301   ctx->H[4] = UINT64_C (0x510e527fade682d1);
  302   ctx->H[5] = UINT64_C (0x9b05688c2b3e6c1f);
  303   ctx->H[6] = UINT64_C (0x1f83d9abfb41bd6b);
  304   ctx->H[7] = UINT64_C (0x5be0cd19137e2179);
  305 
  306 #endif /* LIBJTE_INITIALIZE_32 */
  307 
  308   ctx->total[0] = ctx->total[1] = 0;
  309   ctx->buflen = 0;
  310 }
  311 
  312 
  313 /* Process the remaining bytes in the internal buffer and the usual
  314    prolog according to the standard and write the result to RESBUF.
  315 
  316    IMPORTANT: On some systems it is required that RESBUF is correctly
  317    aligned for a 32 bits value.  */
  318 void *
  319 sha512_finish_ctx (struct sha512_ctx *ctx, void *resbuf)
  320 {
  321   /* Take yet unprocessed bytes into account.  */
  322   uint64_t bytes = ctx->buflen;
  323   size_t pad;
  324   unsigned int i;
  325 
  326   /* Now count remaining bytes.  */
  327   ctx->total[0] += bytes;
  328   if (ctx->total[0] < bytes)
  329     ++ctx->total[1];
  330 
  331   pad = bytes >= 112 ? 128 + 112 - bytes : 112 - bytes;
  332   memcpy (&ctx->buffer[bytes], fillbuf, pad);
  333 
  334   /* Put the 128-bit file length in *bits* at the end of the buffer.  */
  335   *(uint64_t *) &ctx->buffer[bytes + pad + 8] = SWAP (ctx->total[0] << 3);
  336   *(uint64_t *) &ctx->buffer[bytes + pad] = SWAP ((ctx->total[1] << 3) |
  337                           (ctx->total[0] >> 61));
  338 
  339   /* Process last bytes.  */
  340   sha512_process_block (ctx->buffer, bytes + pad + 16, ctx);
  341 
  342   /* Put result from CTX in first 64 bytes following RESBUF.  */
  343   for (i = 0; i < 8; ++i)
  344     ((uint64_t *) resbuf)[i] = SWAP (ctx->H[i]);
  345 
  346   return resbuf;
  347 }
  348 
  349 
  350 void
  351 sha512_process_bytes (const void *buffer, size_t len, struct sha512_ctx *ctx)
  352 {
  353   /* When we already have some bits in our internal buffer concatenate
  354      both inputs first.  */
  355   if (ctx->buflen != 0)
  356     {
  357       size_t left_over = ctx->buflen;
  358       size_t add = 256 - left_over > len ? len : 256 - left_over;
  359 
  360       memcpy (&ctx->buffer[left_over], buffer, add);
  361       ctx->buflen += add;
  362 
  363       if (ctx->buflen > 128)
  364     {
  365       sha512_process_block (ctx->buffer, ctx->buflen & ~127, ctx);
  366 
  367       ctx->buflen &= 127;
  368       /* The regions in the following copy operation cannot overlap.  */
  369       memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~127],
  370           ctx->buflen);
  371     }
  372 
  373       buffer = (const char *) buffer + add;
  374       len -= add;
  375     }
  376 
  377   /* Process available complete blocks.  */
  378   if (len >= 128)
  379     {
  380 #if !_STRING_ARCH_unaligned
  381 /* To check alignment gcc has an appropriate operator.  Other
  382    compilers don't.  */
  383 # if __GNUC__ >= 2
  384 #  define UNALIGNED_P(p) (((uintptr_t) p) % __alignof__ (uint64_t) != 0)
  385 # else
  386 #  define UNALIGNED_P(p) (((uintptr_t) p) % sizeof (uint64_t) != 0)
  387 # endif
  388       if (UNALIGNED_P (buffer))
  389     while (len > 128)
  390       {
  391         sha512_process_block (memcpy (ctx->buffer, buffer, 128), 128,
  392                     ctx);
  393         buffer = (const char *) buffer + 128;
  394         len -= 128;
  395       }
  396       else
  397 #endif
  398     {
  399       sha512_process_block (buffer, len & ~127, ctx);
  400       buffer = (const char *) buffer + (len & ~127);
  401       len &= 127;
  402     }
  403     }
  404 
  405   /* Move remaining bytes into internal buffer.  */
  406   if (len > 0)
  407     {
  408       size_t left_over = ctx->buflen;
  409 
  410       memcpy (&ctx->buffer[left_over], buffer, len);
  411       left_over += len;
  412       if (left_over >= 128)
  413     {
  414       sha512_process_block (ctx->buffer, 128, ctx);
  415       left_over -= 128;
  416       memcpy (ctx->buffer, &ctx->buffer[128], left_over);
  417     }
  418       ctx->buflen = left_over;
  419     }
  420 }