mozilla/security/nss/lib/freebl/sha512.c - Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be

Side by Side Diff: mozilla/security/nss/lib/freebl/sha512.c

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/

Patch Set: Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 /*

2 * sha512.c - implementation of SHA224, SHA256, SHA384 and SHA512

3 *

4 * This Source Code Form is subject to the terms of the Mozilla Public

5 * License, v. 2.0. If a copy of the MPL was not distributed with this

6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

7 /* $Id: sha512.c,v 1.23 2013/02/06 00:41:13 wtc%google.com Exp $ */

8

9 #ifdef FREEBL_NO_DEPEND

10 #include "stubs.h"

11 #endif

12

13 #include "prcpucfg.h"

14 #if defined(NSS_X86) \|\| defined(SHA_NO_LONG_LONG)

15 #define NOUNROLL512 1

16 #undef HAVE_LONG_LONG

17 #endif

18 #include "prtypes.h" /* for PRUintXX */

19 #include "prlong.h"

20 #include "secport.h" /* for PORT_XXX */

21 #include "blapi.h"

22 #include "sha256.h" /* for struct SHA256ContextStr */

23

24 /* ============= Common constants and defines ======================= */

25

26 #define W ctx->u.w

27 #define B ctx->u.b

28 #define H ctx->h

29

30 #define SHR(x,n) (x >> n)

31 #define SHL(x,n) (x << n)

32 #define Ch(x,y,z) ((x & y) ^ (~x & z))

33 #define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))

34 #define SHA_MIN(a,b) (a < b ? a : b)

35

36 /* Padding used with all flavors of SHA */

37 static const PRUint8 pad[240] = {

38 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,

39 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

40 /* compiler will fill the rest in with zeros */

41 };

42

43 /* ============= SHA256 implementation ================================== */

44

45 /* SHA-256 constants, K256. */

46 static const PRUint32 K256[64] = {

47 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,

48 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,

49 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,

50 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,

51 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,

52 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,

53 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,

54 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,

55 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,

56 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,

57 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,

58 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,

59 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,

60 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,

61 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,

62 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2

63 };

64

65 /* SHA-256 initial hash values */

66 static const PRUint32 H256[8] = {

67 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,

68 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19

69 };

70

71 #if (_MSC_VER >= 1300)

72 #include <stdlib.h>

73 #pragma intrinsic(_byteswap_ulong)

74 #define SHA_HTONL(x) _byteswap_ulong(x)

75 #define BYTESWAP4(x) x = SHA_HTONL(x)

76 #elif defined(_MSC_VER) && defined(NSS_X86_OR_X64)

77 #ifndef FORCEINLINE

78 #if (_MSC_VER >= 1200)

79 #define FORCEINLINE __forceinline

80 #else

81 #define FORCEINLINE __inline

82 #endif

83 #endif

84 #define FASTCALL __fastcall

85

86 static FORCEINLINE PRUint32 FASTCALL

87 swap4b(PRUint32 dwd)

88 {

89 __asm {

90 mov eax,dwd

91 bswap eax

92 }

93 }

94

95 #define SHA_HTONL(x) swap4b(x)

96 #define BYTESWAP4(x) x = SHA_HTONL(x)

97

98 #elif defined(__GNUC__) && defined(NSS_X86_OR_X64)

99 static __inline__ PRUint32 swap4b(PRUint32 value)

100 {

101 __asm__("bswap %0" : "+r" (value));

102 return (value);

103 }

104 #define SHA_HTONL(x) swap4b(x)

105 #define BYTESWAP4(x) x = SHA_HTONL(x)

106

107 #elif defined(__GNUC__) && (defined(__thumb2__) \|\| \

108 (!defined(__thumb__) && \

109 (defined(__ARM_ARCH_6__) \|\| \

110 defined(__ARM_ARCH_6J__) \|\| \

111 defined(__ARM_ARCH_6K__) \|\| \

112 defined(__ARM_ARCH_6Z__) \|\| \

113 defined(__ARM_ARCH_6ZK__) \|\| \

114 defined(__ARM_ARCH_6T2__) \|\| \

115 defined(__ARM_ARCH_7__) \|\| \

116 defined(__ARM_ARCH_7A__) \|\| \

117 defined(__ARM_ARCH_7R__))))

118 static __inline__ PRUint32 swap4b(PRUint32 value)

119 {

120 PRUint32 ret;

121 __asm__("rev %0, %1" : "=r" (ret) : "r"(value));

122 return ret;

123 }

124 #define SHA_HTONL(x) swap4b(x)

125 #define BYTESWAP4(x) x = SHA_HTONL(x)

126

127 #else

128 #define SWAP4MASK 0x00FF00FF

129 #define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) \| (t1 >> 16), \

130 ((t1 & SWAP4MASK) << 8) \| ((t1 >> 8) & SWAP4MASK))

131 #define BYTESWAP4(x) x = SHA_HTONL(x)

132 #endif

133

134 #if defined(_MSC_VER)

135 #pragma intrinsic (_lrotr, _lrotl)

136 #define ROTR32(x,n) _lrotr(x,n)

137 #define ROTL32(x,n) _lrotl(x,n)

138 #else

139 #define ROTR32(x,n) ((x >> n) \| (x << ((8 * sizeof x) - n)))

140 #define ROTL32(x,n) ((x << n) \| (x >> ((8 * sizeof x) - n)))

141 #endif

142

143 /* Capitol Sigma and lower case sigma functions */

144 #define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22))

145 #define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25))

146 #define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3))

147 #define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10))

148

149 SHA256Context *

150 SHA256_NewContext(void)

151 {

152 SHA256Context *ctx = PORT_New(SHA256Context);

153 return ctx;

154 }

155

156 void

157 SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)

158 {

159 memset(ctx, 0, sizeof *ctx);

160 if (freeit) {

161 PORT_Free(ctx);

162 }

163 }

164

165 void

166 SHA256_Begin(SHA256Context *ctx)

167 {

168 memset(ctx, 0, sizeof *ctx);

169 memcpy(H, H256, sizeof H256);

170 }

171

172 static void

173 SHA256_Compress(SHA256Context *ctx)

174 {

175 {

176 register PRUint32 t1, t2;

177

178 #if defined(IS_LITTLE_ENDIAN)

179 BYTESWAP4(W[0]);

180 BYTESWAP4(W[1]);

181 BYTESWAP4(W[2]);

182 BYTESWAP4(W[3]);

183 BYTESWAP4(W[4]);

184 BYTESWAP4(W[5]);

185 BYTESWAP4(W[6]);

186 BYTESWAP4(W[7]);

187 BYTESWAP4(W[8]);

188 BYTESWAP4(W[9]);

189 BYTESWAP4(W[10]);

190 BYTESWAP4(W[11]);

191 BYTESWAP4(W[12]);

192 BYTESWAP4(W[13]);

193 BYTESWAP4(W[14]);

194 BYTESWAP4(W[15]);

195 #endif

196

197 #define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])

198

199 /* prepare the "message schedule" */

200 #ifdef NOUNROLL256

201 {

202 int t;

203 for (t = 16; t < 64; ++t) {

204 INITW(t);

205 }

206 }

207 #else

208 INITW(16);

209 INITW(17);

210 INITW(18);

211 INITW(19);

212

213 INITW(20);

214 INITW(21);

215 INITW(22);

216 INITW(23);

217 INITW(24);

218 INITW(25);

219 INITW(26);

220 INITW(27);

221 INITW(28);

222 INITW(29);

223

224 INITW(30);

225 INITW(31);

226 INITW(32);

227 INITW(33);

228 INITW(34);

229 INITW(35);

230 INITW(36);

231 INITW(37);

232 INITW(38);

233 INITW(39);

234

235 INITW(40);

236 INITW(41);

237 INITW(42);

238 INITW(43);

239 INITW(44);

240 INITW(45);

241 INITW(46);

242 INITW(47);

243 INITW(48);

244 INITW(49);

245

246 INITW(50);

247 INITW(51);

248 INITW(52);

249 INITW(53);

250 INITW(54);

251 INITW(55);

252 INITW(56);

253 INITW(57);

254 INITW(58);

255 INITW(59);

256

257 INITW(60);

258 INITW(61);

259 INITW(62);

260 INITW(63);

261

262 #endif

263 #undef INITW

264 }

265 {

266 PRUint32 a, b, c, d, e, f, g, h;

267

268 a = H[0];

269 b = H[1];

270 c = H[2];

271 d = H[3];

272 e = H[4];

273 f = H[5];

274 g = H[6];

275 h = H[7];

276

277 #define ROUND(n,a,b,c,d,e,f,g,h) \

278 h += S1(e) + Ch(e,f,g) + K256[n] + W[n]; \

279 d += h; \

280 h += S0(a) + Maj(a,b,c);

281

282 #ifdef NOUNROLL256

283 {

284 int t;

285 for (t = 0; t < 64; t+= 8) {

286 ROUND(t+0,a,b,c,d,e,f,g,h)

287 ROUND(t+1,h,a,b,c,d,e,f,g)

288 ROUND(t+2,g,h,a,b,c,d,e,f)

289 ROUND(t+3,f,g,h,a,b,c,d,e)

290 ROUND(t+4,e,f,g,h,a,b,c,d)

291 ROUND(t+5,d,e,f,g,h,a,b,c)

292 ROUND(t+6,c,d,e,f,g,h,a,b)

293 ROUND(t+7,b,c,d,e,f,g,h,a)

294 }

295 }

296 #else

297 ROUND( 0,a,b,c,d,e,f,g,h)

298 ROUND( 1,h,a,b,c,d,e,f,g)

299 ROUND( 2,g,h,a,b,c,d,e,f)

300 ROUND( 3,f,g,h,a,b,c,d,e)

301 ROUND( 4,e,f,g,h,a,b,c,d)

302 ROUND( 5,d,e,f,g,h,a,b,c)

303 ROUND( 6,c,d,e,f,g,h,a,b)

304 ROUND( 7,b,c,d,e,f,g,h,a)

305

306 ROUND( 8,a,b,c,d,e,f,g,h)

307 ROUND( 9,h,a,b,c,d,e,f,g)

308 ROUND(10,g,h,a,b,c,d,e,f)

309 ROUND(11,f,g,h,a,b,c,d,e)

310 ROUND(12,e,f,g,h,a,b,c,d)

311 ROUND(13,d,e,f,g,h,a,b,c)

312 ROUND(14,c,d,e,f,g,h,a,b)

313 ROUND(15,b,c,d,e,f,g,h,a)

314

315 ROUND(16,a,b,c,d,e,f,g,h)

316 ROUND(17,h,a,b,c,d,e,f,g)

317 ROUND(18,g,h,a,b,c,d,e,f)

318 ROUND(19,f,g,h,a,b,c,d,e)

319 ROUND(20,e,f,g,h,a,b,c,d)

320 ROUND(21,d,e,f,g,h,a,b,c)

321 ROUND(22,c,d,e,f,g,h,a,b)

322 ROUND(23,b,c,d,e,f,g,h,a)

323

324 ROUND(24,a,b,c,d,e,f,g,h)

325 ROUND(25,h,a,b,c,d,e,f,g)

326 ROUND(26,g,h,a,b,c,d,e,f)

327 ROUND(27,f,g,h,a,b,c,d,e)

328 ROUND(28,e,f,g,h,a,b,c,d)

329 ROUND(29,d,e,f,g,h,a,b,c)

330 ROUND(30,c,d,e,f,g,h,a,b)

331 ROUND(31,b,c,d,e,f,g,h,a)

332

333 ROUND(32,a,b,c,d,e,f,g,h)

334 ROUND(33,h,a,b,c,d,e,f,g)

335 ROUND(34,g,h,a,b,c,d,e,f)

336 ROUND(35,f,g,h,a,b,c,d,e)

337 ROUND(36,e,f,g,h,a,b,c,d)

338 ROUND(37,d,e,f,g,h,a,b,c)

339 ROUND(38,c,d,e,f,g,h,a,b)

340 ROUND(39,b,c,d,e,f,g,h,a)

341

342 ROUND(40,a,b,c,d,e,f,g,h)

343 ROUND(41,h,a,b,c,d,e,f,g)

344 ROUND(42,g,h,a,b,c,d,e,f)

345 ROUND(43,f,g,h,a,b,c,d,e)

346 ROUND(44,e,f,g,h,a,b,c,d)

347 ROUND(45,d,e,f,g,h,a,b,c)

348 ROUND(46,c,d,e,f,g,h,a,b)

349 ROUND(47,b,c,d,e,f,g,h,a)

350

351 ROUND(48,a,b,c,d,e,f,g,h)

352 ROUND(49,h,a,b,c,d,e,f,g)

353 ROUND(50,g,h,a,b,c,d,e,f)

354 ROUND(51,f,g,h,a,b,c,d,e)

355 ROUND(52,e,f,g,h,a,b,c,d)

356 ROUND(53,d,e,f,g,h,a,b,c)

357 ROUND(54,c,d,e,f,g,h,a,b)

358 ROUND(55,b,c,d,e,f,g,h,a)

359

360 ROUND(56,a,b,c,d,e,f,g,h)

361 ROUND(57,h,a,b,c,d,e,f,g)

362 ROUND(58,g,h,a,b,c,d,e,f)

363 ROUND(59,f,g,h,a,b,c,d,e)

364 ROUND(60,e,f,g,h,a,b,c,d)

365 ROUND(61,d,e,f,g,h,a,b,c)

366 ROUND(62,c,d,e,f,g,h,a,b)

367 ROUND(63,b,c,d,e,f,g,h,a)

368 #endif

369

370 H[0] += a;

371 H[1] += b;

372 H[2] += c;

373 H[3] += d;

374 H[4] += e;

375 H[5] += f;

376 H[6] += g;

377 H[7] += h;

378 }

379 #undef ROUND

380 }

381

382 #undef s0

383 #undef s1

384 #undef S0

385 #undef S1

386

387 void

388 SHA256_Update(SHA256Context ctx, const unsigned char input,

389 unsigned int inputLen)

390 {

391 unsigned int inBuf = ctx->sizeLo & 0x3f;

392 if (!inputLen)

393 return;

394

395 /* Add inputLen into the count of bytes processed, before processing */

396 if ((ctx->sizeLo += inputLen) < inputLen)

397 ctx->sizeHi++;

398

399 /* if data already in buffer, attemp to fill rest of buffer */

400 if (inBuf) {

401 unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;

402 if (inputLen < todo)

403 todo = inputLen;

404 memcpy(B + inBuf, input, todo);

405 input += todo;

406 inputLen -= todo;

407 if (inBuf + todo == SHA256_BLOCK_LENGTH)

408 SHA256_Compress(ctx);

409 }

410

411 /* if enough data to fill one or more whole buffers, process them. */

412 while (inputLen >= SHA256_BLOCK_LENGTH) {

413 memcpy(B, input, SHA256_BLOCK_LENGTH);

414 input += SHA256_BLOCK_LENGTH;

415 inputLen -= SHA256_BLOCK_LENGTH;

416 SHA256_Compress(ctx);

417 }

418 /* if data left over, fill it into buffer */

419 if (inputLen)

420 memcpy(B, input, inputLen);

421 }

422

423 void

424 SHA256_End(SHA256Context ctx, unsigned char digest,

425 unsigned int *digestLen, unsigned int maxDigestLen)

426 {

427 unsigned int inBuf = ctx->sizeLo & 0x3f;

428 unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf);

429 PRUint32 hi, lo;

430 #ifdef SWAP4MASK

431 PRUint32 t1;

432 #endif

433

434 hi = (ctx->sizeHi << 3) \| (ctx->sizeLo >> 29);

435 lo = (ctx->sizeLo << 3);

436

437 SHA256_Update(ctx, pad, padLen);

438

439 #if defined(IS_LITTLE_ENDIAN)

440 W[14] = SHA_HTONL(hi);

441 W[15] = SHA_HTONL(lo);

442 #else

443 W[14] = hi;

444 W[15] = lo;

445 #endif

446 SHA256_Compress(ctx);

447

448 /* now output the answer */

449 #if defined(IS_LITTLE_ENDIAN)

450 BYTESWAP4(H[0]);

451 BYTESWAP4(H[1]);

452 BYTESWAP4(H[2]);

453 BYTESWAP4(H[3]);

454 BYTESWAP4(H[4]);

455 BYTESWAP4(H[5]);

456 BYTESWAP4(H[6]);

457 BYTESWAP4(H[7]);

458 #endif

459 padLen = PR_MIN(SHA256_LENGTH, maxDigestLen);

460 memcpy(digest, H, padLen);

461 if (digestLen)

462 *digestLen = padLen;

463 }

464

465 void

466 SHA256_EndRaw(SHA256Context ctx, unsigned char digest,

467 unsigned int *digestLen, unsigned int maxDigestLen)

468 {

469 PRUint32 h[8];

470 unsigned int len;

471 #ifdef SWAP4MASK

472 PRUint32 t1;

473 #endif

474

475 memcpy(h, ctx->h, sizeof(h));

476

477 #if defined(IS_LITTLE_ENDIAN)

478 BYTESWAP4(h[0]);

479 BYTESWAP4(h[1]);

480 BYTESWAP4(h[2]);

481 BYTESWAP4(h[3]);

482 BYTESWAP4(h[4]);

483 BYTESWAP4(h[5]);

484 BYTESWAP4(h[6]);

485 BYTESWAP4(h[7]);

486 #endif

487

488 len = PR_MIN(SHA256_LENGTH, maxDigestLen);

489 memcpy(digest, h, len);

490 if (digestLen)

491 *digestLen = len;

492 }

493

494 SECStatus

495 SHA256_HashBuf(unsigned char dest, const unsigned char src,

496 uint32 src_length)

497 {

498 SHA256Context ctx;

499 unsigned int outLen;

500

501 SHA256_Begin(&ctx);

502 SHA256_Update(&ctx, src, src_length);

503 SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH);

504 memset(&ctx, 0, sizeof ctx);

505

506 return SECSuccess;

507 }

508

509

510 SECStatus

511 SHA256_Hash(unsigned char dest, const char src)

512 {

513 return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));

514 }

515

516

517 void SHA256_TraceState(SHA256Context *ctx) { }

518

519 unsigned int

520 SHA256_FlattenSize(SHA256Context *ctx)

521 {

522 return sizeof *ctx;

523 }

524

525 SECStatus

526 SHA256_Flatten(SHA256Context ctx,unsigned char space)

527 {

528 PORT_Memcpy(space, ctx, sizeof *ctx);

529 return SECSuccess;

530 }

531

532 SHA256Context *

533 SHA256_Resurrect(unsigned char space, void arg)

534 {

535 SHA256Context *ctx = SHA256_NewContext();

536 if (ctx)

537 PORT_Memcpy(ctx, space, sizeof *ctx);

538 return ctx;

539 }

540

541 void SHA256_Clone(SHA256Context dest, SHA256Context src)

542 {

543 memcpy(dest, src, sizeof *dest);

544 }

545

546 /* ============= SHA224 implementation ================================== */

547

548 /* SHA-224 initial hash values */

549 static const PRUint32 H224[8] = {

550 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,

551 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4

552 };

553

554 SHA224Context *

555 SHA224_NewContext(void)

556 {

557 return SHA256_NewContext();

558 }

559

560 void

561 SHA224_DestroyContext(SHA224Context *ctx, PRBool freeit)

562 {

563 SHA256_DestroyContext(ctx, freeit);

564 }

565

566 void

567 SHA224_Begin(SHA224Context *ctx)

568 {

569 memset(ctx, 0, sizeof *ctx);

570 memcpy(H, H224, sizeof H224);

571 }

572

573 void

574 SHA224_Update(SHA224Context ctx, const unsigned char input,

575 unsigned int inputLen)

576 {

577 SHA256_Update(ctx, input, inputLen);

578 }

579

580 void

581 SHA224_End(SHA256Context ctx, unsigned char digest,

582 unsigned int *digestLen, unsigned int maxDigestLen)

583 {

584 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);

585 SHA256_End(ctx, digest, digestLen, maxLen);

586 }

587

588 void

589 SHA224_EndRaw(SHA256Context ctx, unsigned char digest,

590 unsigned int *digestLen, unsigned int maxDigestLen)

591 {

592 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);

593 SHA256_EndRaw(ctx, digest, digestLen, maxLen);

594 }

595

596 SECStatus

597 SHA224_HashBuf(unsigned char dest, const unsigned char src,

598 uint32 src_length)

599 {

600 SHA256Context ctx;

601 unsigned int outLen;

602

603 SHA224_Begin(&ctx);

604 SHA256_Update(&ctx, src, src_length);

605 SHA256_End(&ctx, dest, &outLen, SHA224_LENGTH);

606 memset(&ctx, 0, sizeof ctx);

607

608 return SECSuccess;

609 }

610

611 SECStatus

612 SHA224_Hash(unsigned char dest, const char src)

613 {

614 return SHA224_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));

615 }

616

617 void SHA224_TraceState(SHA224Context *ctx) { }

618

619 unsigned int

620 SHA224_FlattenSize(SHA224Context *ctx)

621 {

622 return SHA256_FlattenSize(ctx);

623 }

624

625 SECStatus

626 SHA224_Flatten(SHA224Context ctx, unsigned char space)

627 {

628 return SHA256_Flatten(ctx, space);

629 }

630

631 SHA224Context *

632 SHA224_Resurrect(unsigned char space, void arg)

633 {

634 return SHA256_Resurrect(space, arg);

635 }

636

637 void SHA224_Clone(SHA224Context dest, SHA224Context src)

638 {

639 SHA256_Clone(dest, src);

640 }

641

642

643 /* ======= SHA512 and SHA384 common constants and defines ================= */

644

645 /* common #defines for SHA512 and SHA384 */

646 #if defined(HAVE_LONG_LONG)

647 #if defined(_MSC_VER)

648 #pragma intrinsic(_rotr64,_rotl64)

649 #define ROTR64(x,n) _rotr64(x,n)

650 #define ROTL64(x,n) _rotl64(x,n)

651 #else

652 #define ROTR64(x,n) ((x >> n) \| (x << (64 - n)))

653 #define ROTL64(x,n) ((x << n) \| (x >> (64 - n)))

654 #endif

655

656 #define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39))

657 #define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41))

658 #define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7))

659 #define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6))

660

661 #if PR_BYTES_PER_LONG == 8

662 #define ULLC(hi,lo) 0x ## hi ## lo ## UL

663 #elif defined(_MSC_VER)

664 #define ULLC(hi,lo) 0x ## hi ## lo ## ui64

665 #else

666 #define ULLC(hi,lo) 0x ## hi ## lo ## ULL

667 #endif

668

669 #if defined(_MSC_VER)

670 #pragma intrinsic(_byteswap_uint64)

671 #define SHA_HTONLL(x) _byteswap_uint64(x)

672

673 #elif defined(__GNUC__) && (defined(__x86_64__) \|\| defined(__x86_64))

674 static __inline__ PRUint64 swap8b(PRUint64 value)

675 {

676 __asm__("bswapq %0" : "+r" (value));

677 return (value);

678 }

679 #define SHA_HTONLL(x) swap8b(x)

680

681 #else

682 #define SHA_MASK16 ULLC(0000FFFF,0000FFFF)

683 #define SHA_MASK8 ULLC(00FF00FF,00FF00FF)

684 #define SHA_HTONLL(x) (t1 = x, \

685 t1 = ((t1 & SHA_MASK8 ) << 8) \| ((t1 >> 8) & SHA_MASK8 ), \

686 t1 = ((t1 & SHA_MASK16) << 16) \| ((t1 >> 16) & SHA_MASK16), \

687 (t1 >> 32) \| (t1 << 32))

688 #endif

689 #define BYTESWAP8(x) x = SHA_HTONLL(x)

690

691 #else /* no long long */

692

693 #if defined(IS_LITTLE_ENDIAN)

694 #define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U }

695 #else

696 #define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U }

697 #endif

698

699 #define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \

700 x.hi ^= x.lo ^= x.hi ^= x.lo, x)

701 #define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \

702 tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0)

703 #endif

704

705 /* SHA-384 and SHA-512 constants, K512. */

706 static const PRUint64 K512[80] = {

707 #if PR_BYTES_PER_LONG == 8

708 0x428a2f98d728ae22UL , 0x7137449123ef65cdUL ,

709 0xb5c0fbcfec4d3b2fUL , 0xe9b5dba58189dbbcUL ,

710 0x3956c25bf348b538UL , 0x59f111f1b605d019UL ,

711 0x923f82a4af194f9bUL , 0xab1c5ed5da6d8118UL ,

712 0xd807aa98a3030242UL , 0x12835b0145706fbeUL ,

713 0x243185be4ee4b28cUL , 0x550c7dc3d5ffb4e2UL ,

714 0x72be5d74f27b896fUL , 0x80deb1fe3b1696b1UL ,

715 0x9bdc06a725c71235UL , 0xc19bf174cf692694UL ,

716 0xe49b69c19ef14ad2UL , 0xefbe4786384f25e3UL ,

717 0x0fc19dc68b8cd5b5UL , 0x240ca1cc77ac9c65UL ,

718 0x2de92c6f592b0275UL , 0x4a7484aa6ea6e483UL ,

719 0x5cb0a9dcbd41fbd4UL , 0x76f988da831153b5UL ,

720 0x983e5152ee66dfabUL , 0xa831c66d2db43210UL ,

721 0xb00327c898fb213fUL , 0xbf597fc7beef0ee4UL ,

722 0xc6e00bf33da88fc2UL , 0xd5a79147930aa725UL ,

723 0x06ca6351e003826fUL , 0x142929670a0e6e70UL ,

724 0x27b70a8546d22ffcUL , 0x2e1b21385c26c926UL ,

725 0x4d2c6dfc5ac42aedUL , 0x53380d139d95b3dfUL ,

726 0x650a73548baf63deUL , 0x766a0abb3c77b2a8UL ,

727 0x81c2c92e47edaee6UL , 0x92722c851482353bUL ,

728 0xa2bfe8a14cf10364UL , 0xa81a664bbc423001UL ,

729 0xc24b8b70d0f89791UL , 0xc76c51a30654be30UL ,

730 0xd192e819d6ef5218UL , 0xd69906245565a910UL ,

731 0xf40e35855771202aUL , 0x106aa07032bbd1b8UL ,

732 0x19a4c116b8d2d0c8UL , 0x1e376c085141ab53UL ,

733 0x2748774cdf8eeb99UL , 0x34b0bcb5e19b48a8UL ,

734 0x391c0cb3c5c95a63UL , 0x4ed8aa4ae3418acbUL ,

735 0x5b9cca4f7763e373UL , 0x682e6ff3d6b2b8a3UL ,

736 0x748f82ee5defb2fcUL , 0x78a5636f43172f60UL ,

737 0x84c87814a1f0ab72UL , 0x8cc702081a6439ecUL ,

738 0x90befffa23631e28UL , 0xa4506cebde82bde9UL ,

739 0xbef9a3f7b2c67915UL , 0xc67178f2e372532bUL ,

740 0xca273eceea26619cUL , 0xd186b8c721c0c207UL ,

741 0xeada7dd6cde0eb1eUL , 0xf57d4f7fee6ed178UL ,

742 0x06f067aa72176fbaUL , 0x0a637dc5a2c898a6UL ,

743 0x113f9804bef90daeUL , 0x1b710b35131c471bUL ,

744 0x28db77f523047d84UL , 0x32caab7b40c72493UL ,

745 0x3c9ebe0a15c9bebcUL , 0x431d67c49c100d4cUL ,

746 0x4cc5d4becb3e42b6UL , 0x597f299cfc657e2aUL ,

747 0x5fcb6fab3ad6faecUL , 0x6c44198c4a475817UL

748 #else

749 ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd),

750 ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc),

751 ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019),

752 ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118),

753 ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe),

754 ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2),

755 ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1),

756 ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694),

757 ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3),

758 ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65),

759 ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483),

760 ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5),

761 ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210),

762 ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4),

763 ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725),

764 ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70),

765 ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926),

766 ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df),

767 ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8),

768 ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b),

769 ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001),

770 ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30),

771 ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910),

772 ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8),

773 ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53),

774 ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8),

775 ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb),

776 ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3),

777 ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60),

778 ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec),

779 ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9),

780 ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b),

781 ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207),

782 ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178),

783 ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6),

784 ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b),

785 ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493),

786 ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c),

787 ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a),

788 ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817)

789 #endif

790 };

791

792 struct SHA512ContextStr {

793 union {

794 PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */

795 PRUint32 l[160];

796 PRUint8 b[640];

797 } u;

798 PRUint64 h[8]; /* 8 state variables */

799 PRUint64 sizeLo; /* 64-bit count of hashed bytes. */

800 };

801

802 /* =========== SHA512 implementation ===================================== */

803

804 /* SHA-512 initial hash values */

805 static const PRUint64 H512[8] = {

806 #if PR_BYTES_PER_LONG == 8

807 0x6a09e667f3bcc908UL , 0xbb67ae8584caa73bUL ,

808 0x3c6ef372fe94f82bUL , 0xa54ff53a5f1d36f1UL ,

809 0x510e527fade682d1UL , 0x9b05688c2b3e6c1fUL ,

810 0x1f83d9abfb41bd6bUL , 0x5be0cd19137e2179UL

811 #else

812 ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b),

813 ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1),

814 ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f),

815 ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179)

816 #endif

817 };

818

819

820 SHA512Context *

821 SHA512_NewContext(void)

822 {

823 SHA512Context *ctx = PORT_New(SHA512Context);

824 return ctx;

825 }

826

827 void

828 SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)

829 {

830 memset(ctx, 0, sizeof *ctx);

831 if (freeit) {

832 PORT_Free(ctx);

833 }

834 }

835

836 void

837 SHA512_Begin(SHA512Context *ctx)

838 {

839 memset(ctx, 0, sizeof *ctx);

840 memcpy(H, H512, sizeof H512);

841 }

842

843 #if defined(SHA512_TRACE)

844 #if defined(HAVE_LONG_LONG)

845 #define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \

846 n, #e, d, #a, h);

847 #else

848 #define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \

849 n, #e, d.hi, d.lo, #a, h.hi, h.lo);

850 #endif

851 #else

852 #define DUMP(n,a,d,e,h)

853 #endif

854

855 #if defined(HAVE_LONG_LONG)

856

857 #define ADDTO(x,y) y += x

858

859 #define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])

860

861 #define ROUND(n,a,b,c,d,e,f,g,h) \

862 h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \

863 d += h; \

864 h += S0(a) + Maj(a,b,c); \

865 DUMP(n,a,d,e,h)

866

867 #else /* use only 32-bit variables, and don't unroll loops */

868

869 #undef NOUNROLL512

870 #define NOUNROLL512 1

871

872 #define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo)

873

874 #define ROTR64a(x,n,lo,hi) (x.lo >> n \| x.hi << (32-n))

875 #define ROTR64A(x,n,lo,hi) (x.lo << (64-n) \| x.hi >> (n-32))

876 #define SHR64a(x,n,lo,hi) (x.lo >> n \| x.hi << (32-n))

877

878 /* Capitol Sigma and lower case sigma functions */

879 #define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi))

880 #define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7))

881

882 #define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi))

883 #define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6))

884

885 #define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi))

886 #define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo))

887

888 #define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi))

889 #define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo))

890

891 /* 32-bit versions of Ch and Maj */

892 #define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))

893 #define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))

894

895 #define INITW(t) \

896 do { \

897 PRUint32 lo, tm; \

898 PRUint32 cy = 0; \

899 lo = s1lo(W[t-2]); \

900 lo += (tm = W[t-7].lo); if (lo < tm) cy++; \

901 lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \

902 lo += (tm = W[t-16].lo); if (lo < tm) cy++; \

903 W[t].lo = lo; \

904 W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \

905 } while (0)

906

907 #define ROUND(n,a,b,c,d,e,f,g,h) \

908 { \

909 PRUint32 lo, tm, cy; \

910 lo = S1lo(e); \

911 lo += (tm = Chxx(e,f,g,lo)); cy = (lo < tm); \

912 lo += (tm = K512[n].lo); if (lo < tm) cy++; \

913 lo += (tm = W[n].lo); if (lo < tm) cy++; \

914 h.lo += lo; if (h.lo < lo) cy++; \

915 h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \

916 d.lo += h.lo; \

917 d.hi += h.hi + (d.lo < h.lo); \

918 lo = S0lo(a); \

919 lo += (tm = Majx(a,b,c,lo)); cy = (lo < tm); \

920 h.lo += lo; if (h.lo < lo) cy++; \

921 h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \

922 DUMP(n,a,d,e,h) \

923 }

924 #endif

925

926 static void

927 SHA512_Compress(SHA512Context *ctx)

928 {

929 #if defined(IS_LITTLE_ENDIAN)

930 {

931 #if defined(HAVE_LONG_LONG)

932 PRUint64 t1;

933 #else

934 PRUint32 t1;

935 #endif

936 BYTESWAP8(W[0]);

937 BYTESWAP8(W[1]);

938 BYTESWAP8(W[2]);

939 BYTESWAP8(W[3]);

940 BYTESWAP8(W[4]);

941 BYTESWAP8(W[5]);

942 BYTESWAP8(W[6]);

943 BYTESWAP8(W[7]);

944 BYTESWAP8(W[8]);

945 BYTESWAP8(W[9]);

946 BYTESWAP8(W[10]);

947 BYTESWAP8(W[11]);

948 BYTESWAP8(W[12]);

949 BYTESWAP8(W[13]);

950 BYTESWAP8(W[14]);

951 BYTESWAP8(W[15]);

952 }

953 #endif

954

955 {

956 PRUint64 t1, t2;

957 #ifdef NOUNROLL512

958 {

959 /* prepare the "message schedule" */

960 int t;

961 for (t = 16; t < 80; ++t) {

962 INITW(t);

963 }

964 }

965 #else

966 INITW(16);

967 INITW(17);

968 INITW(18);

969 INITW(19);

970

971 INITW(20);

972 INITW(21);

973 INITW(22);

974 INITW(23);

975 INITW(24);

976 INITW(25);

977 INITW(26);

978 INITW(27);

979 INITW(28);

980 INITW(29);

981

982 INITW(30);

983 INITW(31);

984 INITW(32);

985 INITW(33);

986 INITW(34);

987 INITW(35);

988 INITW(36);

989 INITW(37);

990 INITW(38);

991 INITW(39);

992

993 INITW(40);

994 INITW(41);

995 INITW(42);

996 INITW(43);

997 INITW(44);

998 INITW(45);

999 INITW(46);

1000 INITW(47);

1001 INITW(48);

1002 INITW(49);

1003

1004 INITW(50);

1005 INITW(51);

1006 INITW(52);

1007 INITW(53);

1008 INITW(54);

1009 INITW(55);

1010 INITW(56);

1011 INITW(57);

1012 INITW(58);

1013 INITW(59);

1014

1015 INITW(60);

1016 INITW(61);

1017 INITW(62);

1018 INITW(63);

1019 INITW(64);

1020 INITW(65);

1021 INITW(66);

1022 INITW(67);

1023 INITW(68);

1024 INITW(69);

1025

1026 INITW(70);

1027 INITW(71);

1028 INITW(72);

1029 INITW(73);

1030 INITW(74);

1031 INITW(75);

1032 INITW(76);

1033 INITW(77);

1034 INITW(78);

1035 INITW(79);

1036 #endif

1037 }

1038 #ifdef SHA512_TRACE

1039 {

1040 int i;

1041 for (i = 0; i < 80; ++i) {

1042 #ifdef HAVE_LONG_LONG

1043 printf("W[%2d] = %016lx\n", i, W[i]);

1044 #else

1045 printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);

1046 #endif

1047 }

1048 }

1049 #endif

1050 {

1051 PRUint64 a, b, c, d, e, f, g, h;

1052

1053 a = H[0];

1054 b = H[1];

1055 c = H[2];

1056 d = H[3];

1057 e = H[4];

1058 f = H[5];

1059 g = H[6];

1060 h = H[7];

1061

1062 #ifdef NOUNROLL512

1063 {

1064 int t;

1065 for (t = 0; t < 80; t+= 8) {

1066 ROUND(t+0,a,b,c,d,e,f,g,h)

1067 ROUND(t+1,h,a,b,c,d,e,f,g)

1068 ROUND(t+2,g,h,a,b,c,d,e,f)

1069 ROUND(t+3,f,g,h,a,b,c,d,e)

1070 ROUND(t+4,e,f,g,h,a,b,c,d)

1071 ROUND(t+5,d,e,f,g,h,a,b,c)

1072 ROUND(t+6,c,d,e,f,g,h,a,b)

1073 ROUND(t+7,b,c,d,e,f,g,h,a)

1074 }

1075 }

1076 #else

1077 ROUND( 0,a,b,c,d,e,f,g,h)

1078 ROUND( 1,h,a,b,c,d,e,f,g)

1079 ROUND( 2,g,h,a,b,c,d,e,f)

1080 ROUND( 3,f,g,h,a,b,c,d,e)

1081 ROUND( 4,e,f,g,h,a,b,c,d)

1082 ROUND( 5,d,e,f,g,h,a,b,c)

1083 ROUND( 6,c,d,e,f,g,h,a,b)

1084 ROUND( 7,b,c,d,e,f,g,h,a)

1085

1086 ROUND( 8,a,b,c,d,e,f,g,h)

1087 ROUND( 9,h,a,b,c,d,e,f,g)

1088 ROUND(10,g,h,a,b,c,d,e,f)

1089 ROUND(11,f,g,h,a,b,c,d,e)

1090 ROUND(12,e,f,g,h,a,b,c,d)

1091 ROUND(13,d,e,f,g,h,a,b,c)

1092 ROUND(14,c,d,e,f,g,h,a,b)

1093 ROUND(15,b,c,d,e,f,g,h,a)

1094

1095 ROUND(16,a,b,c,d,e,f,g,h)

1096 ROUND(17,h,a,b,c,d,e,f,g)

1097 ROUND(18,g,h,a,b,c,d,e,f)

1098 ROUND(19,f,g,h,a,b,c,d,e)

1099 ROUND(20,e,f,g,h,a,b,c,d)

1100 ROUND(21,d,e,f,g,h,a,b,c)

1101 ROUND(22,c,d,e,f,g,h,a,b)

1102 ROUND(23,b,c,d,e,f,g,h,a)

1103

1104 ROUND(24,a,b,c,d,e,f,g,h)

1105 ROUND(25,h,a,b,c,d,e,f,g)

1106 ROUND(26,g,h,a,b,c,d,e,f)

1107 ROUND(27,f,g,h,a,b,c,d,e)

1108 ROUND(28,e,f,g,h,a,b,c,d)

1109 ROUND(29,d,e,f,g,h,a,b,c)

1110 ROUND(30,c,d,e,f,g,h,a,b)

1111 ROUND(31,b,c,d,e,f,g,h,a)

1112

1113 ROUND(32,a,b,c,d,e,f,g,h)

1114 ROUND(33,h,a,b,c,d,e,f,g)

1115 ROUND(34,g,h,a,b,c,d,e,f)

1116 ROUND(35,f,g,h,a,b,c,d,e)

1117 ROUND(36,e,f,g,h,a,b,c,d)

1118 ROUND(37,d,e,f,g,h,a,b,c)

1119 ROUND(38,c,d,e,f,g,h,a,b)

1120 ROUND(39,b,c,d,e,f,g,h,a)

1121

1122 ROUND(40,a,b,c,d,e,f,g,h)

1123 ROUND(41,h,a,b,c,d,e,f,g)

1124 ROUND(42,g,h,a,b,c,d,e,f)

1125 ROUND(43,f,g,h,a,b,c,d,e)

1126 ROUND(44,e,f,g,h,a,b,c,d)

1127 ROUND(45,d,e,f,g,h,a,b,c)

1128 ROUND(46,c,d,e,f,g,h,a,b)

1129 ROUND(47,b,c,d,e,f,g,h,a)

1130

1131 ROUND(48,a,b,c,d,e,f,g,h)

1132 ROUND(49,h,a,b,c,d,e,f,g)

1133 ROUND(50,g,h,a,b,c,d,e,f)

1134 ROUND(51,f,g,h,a,b,c,d,e)

1135 ROUND(52,e,f,g,h,a,b,c,d)

1136 ROUND(53,d,e,f,g,h,a,b,c)

1137 ROUND(54,c,d,e,f,g,h,a,b)

1138 ROUND(55,b,c,d,e,f,g,h,a)

1139

1140 ROUND(56,a,b,c,d,e,f,g,h)

1141 ROUND(57,h,a,b,c,d,e,f,g)

1142 ROUND(58,g,h,a,b,c,d,e,f)

1143 ROUND(59,f,g,h,a,b,c,d,e)

1144 ROUND(60,e,f,g,h,a,b,c,d)

1145 ROUND(61,d,e,f,g,h,a,b,c)

1146 ROUND(62,c,d,e,f,g,h,a,b)

1147 ROUND(63,b,c,d,e,f,g,h,a)

1148

1149 ROUND(64,a,b,c,d,e,f,g,h)

1150 ROUND(65,h,a,b,c,d,e,f,g)

1151 ROUND(66,g,h,a,b,c,d,e,f)

1152 ROUND(67,f,g,h,a,b,c,d,e)

1153 ROUND(68,e,f,g,h,a,b,c,d)

1154 ROUND(69,d,e,f,g,h,a,b,c)

1155 ROUND(70,c,d,e,f,g,h,a,b)

1156 ROUND(71,b,c,d,e,f,g,h,a)

1157

1158 ROUND(72,a,b,c,d,e,f,g,h)

1159 ROUND(73,h,a,b,c,d,e,f,g)

1160 ROUND(74,g,h,a,b,c,d,e,f)

1161 ROUND(75,f,g,h,a,b,c,d,e)

1162 ROUND(76,e,f,g,h,a,b,c,d)

1163 ROUND(77,d,e,f,g,h,a,b,c)

1164 ROUND(78,c,d,e,f,g,h,a,b)

1165 ROUND(79,b,c,d,e,f,g,h,a)

1166 #endif

1167

1168 ADDTO(a,H[0]);

1169 ADDTO(b,H[1]);

1170 ADDTO(c,H[2]);

1171 ADDTO(d,H[3]);

1172 ADDTO(e,H[4]);

1173 ADDTO(f,H[5]);

1174 ADDTO(g,H[6]);

1175 ADDTO(h,H[7]);

1176 }

1177 }

1178

1179 void

1180 SHA512_Update(SHA512Context ctx, const unsigned char input,

1181 unsigned int inputLen)

1182 {

1183 unsigned int inBuf;

1184 if (!inputLen)

1185 return;

1186

1187 #if defined(HAVE_LONG_LONG)

1188 inBuf = (unsigned int)ctx->sizeLo & 0x7f;

1189 /* Add inputLen into the count of bytes processed, before processing */

1190 ctx->sizeLo += inputLen;

1191 #else

1192 inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;

1193 ctx->sizeLo.lo += inputLen;

1194 if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++;

1195 #endif

1196

1197 /* if data already in buffer, attemp to fill rest of buffer */

1198 if (inBuf) {

1199 unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;

1200 if (inputLen < todo)

1201 todo = inputLen;

1202 memcpy(B + inBuf, input, todo);

1203 input += todo;

1204 inputLen -= todo;

1205 if (inBuf + todo == SHA512_BLOCK_LENGTH)

1206 SHA512_Compress(ctx);

1207 }

1208

1209 /* if enough data to fill one or more whole buffers, process them. */

1210 while (inputLen >= SHA512_BLOCK_LENGTH) {

1211 memcpy(B, input, SHA512_BLOCK_LENGTH);

1212 input += SHA512_BLOCK_LENGTH;

1213 inputLen -= SHA512_BLOCK_LENGTH;

1214 SHA512_Compress(ctx);

1215 }

1216 /* if data left over, fill it into buffer */

1217 if (inputLen)

1218 memcpy(B, input, inputLen);

1219 }

1220

1221 void

1222 SHA512_End(SHA512Context ctx, unsigned char digest,

1223 unsigned int *digestLen, unsigned int maxDigestLen)

1224 {

1225 #if defined(HAVE_LONG_LONG)

1226 unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;

1227 PRUint64 t1;

1228 #else

1229 unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;

1230 PRUint32 t1;

1231 #endif

1232 unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);

1233 PRUint64 lo;

1234 LL_SHL(lo, ctx->sizeLo, 3);

1235

1236 SHA512_Update(ctx, pad, padLen);

1237

1238 #if defined(HAVE_LONG_LONG)

1239 W[14] = 0;

1240 #else

1241 W[14].lo = 0;

1242 W[14].hi = 0;

1243 #endif

1244

1245 W[15] = lo;

1246 #if defined(IS_LITTLE_ENDIAN)

1247 BYTESWAP8(W[15]);

1248 #endif

1249 SHA512_Compress(ctx);

1250

1251 /* now output the answer */

1252 #if defined(IS_LITTLE_ENDIAN)

1253 BYTESWAP8(H[0]);

1254 BYTESWAP8(H[1]);

1255 BYTESWAP8(H[2]);

1256 BYTESWAP8(H[3]);

1257 BYTESWAP8(H[4]);

1258 BYTESWAP8(H[5]);

1259 BYTESWAP8(H[6]);

1260 BYTESWAP8(H[7]);

1261 #endif

1262 padLen = PR_MIN(SHA512_LENGTH, maxDigestLen);

1263 memcpy(digest, H, padLen);

1264 if (digestLen)

1265 *digestLen = padLen;

1266 }

1267

1268 void

1269 SHA512_EndRaw(SHA512Context ctx, unsigned char digest,

1270 unsigned int *digestLen, unsigned int maxDigestLen)

1271 {

1272 #if defined(HAVE_LONG_LONG)

1273 PRUint64 t1;

1274 #else

1275 PRUint32 t1;

1276 #endif

1277 PRUint64 h[8];

1278 unsigned int len;

1279

1280 memcpy(h, ctx->h, sizeof(h));

1281

1282 #if defined(IS_LITTLE_ENDIAN)

1283 BYTESWAP8(h[0]);

1284 BYTESWAP8(h[1]);

1285 BYTESWAP8(h[2]);

1286 BYTESWAP8(h[3]);

1287 BYTESWAP8(h[4]);

1288 BYTESWAP8(h[5]);

1289 BYTESWAP8(h[6]);

1290 BYTESWAP8(h[7]);

1291 #endif

1292 len = PR_MIN(SHA512_LENGTH, maxDigestLen);

1293 memcpy(digest, h, len);

1294 if (digestLen)

1295 *digestLen = len;

1296 }

1297

1298 SECStatus

1299 SHA512_HashBuf(unsigned char dest, const unsigned char src,

1300 uint32 src_length)

1301 {

1302 SHA512Context ctx;

1303 unsigned int outLen;

1304

1305 SHA512_Begin(&ctx);

1306 SHA512_Update(&ctx, src, src_length);

1307 SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH);

1308 memset(&ctx, 0, sizeof ctx);

1309

1310 return SECSuccess;

1311 }

1312

1313

1314 SECStatus

1315 SHA512_Hash(unsigned char dest, const char src)

1316 {

1317 return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));

1318 }

1319

1320

1321 void SHA512_TraceState(SHA512Context *ctx) { }

1322

1323 unsigned int

1324 SHA512_FlattenSize(SHA512Context *ctx)

1325 {

1326 return sizeof *ctx;

1327 }

1328

1329 SECStatus

1330 SHA512_Flatten(SHA512Context ctx,unsigned char space)

1331 {

1332 PORT_Memcpy(space, ctx, sizeof *ctx);

1333 return SECSuccess;

1334 }

1335

1336 SHA512Context *

1337 SHA512_Resurrect(unsigned char space, void arg)

1338 {

1339 SHA512Context *ctx = SHA512_NewContext();

1340 if (ctx)

1341 PORT_Memcpy(ctx, space, sizeof *ctx);

1342 return ctx;

1343 }

1344

1345 void SHA512_Clone(SHA512Context dest, SHA512Context src)

1346 {

1347 memcpy(dest, src, sizeof *dest);

1348 }

1349

1350 /* ======================================================================= */

1351 /* SHA384 uses a SHA512Context as the real context.

1352 ** The only differences between SHA384 an SHA512 are:

1353 ** a) the intialization values for the context, and

1354 ** b) the number of bytes of data produced as output.

1355 */

1356

1357 /* SHA-384 initial hash values */

1358 static const PRUint64 H384[8] = {

1359 #if PR_BYTES_PER_LONG == 8

1360 0xcbbb9d5dc1059ed8UL , 0x629a292a367cd507UL ,

1361 0x9159015a3070dd17UL , 0x152fecd8f70e5939UL ,

1362 0x67332667ffc00b31UL , 0x8eb44a8768581511UL ,

1363 0xdb0c2e0d64f98fa7UL , 0x47b5481dbefa4fa4UL

1364 #else

1365 ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507),

1366 ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939),

1367 ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511),

1368 ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4)

1369 #endif

1370 };

1371

1372 SHA384Context *

1373 SHA384_NewContext(void)

1374 {

1375 return SHA512_NewContext();

1376 }

1377

1378 void

1379 SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit)

1380 {

1381 SHA512_DestroyContext(ctx, freeit);

1382 }

1383

1384 void

1385 SHA384_Begin(SHA384Context *ctx)

1386 {

1387 memset(ctx, 0, sizeof *ctx);

1388 memcpy(H, H384, sizeof H384);

1389 }

1390

1391 void

1392 SHA384_Update(SHA384Context ctx, const unsigned char input,

1393 unsigned int inputLen)

1394 {

1395 SHA512_Update(ctx, input, inputLen);

1396 }

1397

1398 void

1399 SHA384_End(SHA384Context ctx, unsigned char digest,

1400 unsigned int *digestLen, unsigned int maxDigestLen)

1401 {

1402 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);

1403 SHA512_End(ctx, digest, digestLen, maxLen);

1404 }

1405

1406 void

1407 SHA384_EndRaw(SHA384Context ctx, unsigned char digest,

1408 unsigned int *digestLen, unsigned int maxDigestLen)

1409 {

1410 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);

1411 SHA512_EndRaw(ctx, digest, digestLen, maxLen);

1412 }

1413

1414 SECStatus

1415 SHA384_HashBuf(unsigned char dest, const unsigned char src,

1416 uint32 src_length)

1417 {

1418 SHA512Context ctx;

1419 unsigned int outLen;

1420

1421 SHA384_Begin(&ctx);

1422 SHA512_Update(&ctx, src, src_length);

1423 SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);

1424 memset(&ctx, 0, sizeof ctx);

1425

1426 return SECSuccess;

1427 }

1428

1429 SECStatus

1430 SHA384_Hash(unsigned char dest, const char src)

1431 {

1432 return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));

1433 }

1434

1435 void SHA384_TraceState(SHA384Context *ctx) { }

1436

1437 unsigned int

1438 SHA384_FlattenSize(SHA384Context *ctx)

1439 {

1440 return sizeof(SHA384Context);

1441 }

1442

1443 SECStatus

1444 SHA384_Flatten(SHA384Context ctx,unsigned char space)

1445 {

1446 return SHA512_Flatten(ctx, space);

1447 }

1448

1449 SHA384Context *

1450 SHA384_Resurrect(unsigned char space, void arg)

1451 {

1452 return SHA512_Resurrect(space, arg);

1453 }

1454

1455 void SHA384_Clone(SHA384Context dest, SHA384Context src)

1456 {

1457 memcpy(dest, src, sizeof *dest);

1458 }

1459

1460 /* ======================================================================= */

1461 #ifdef SELFTEST

1462 #include <stdio.h>

1463

1464 static const char abc[] = { "abc" };

1465 static const char abcdbc[] = {

1466 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"

1467 };

1468 static const char abcdef[] = {

1469 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"

1470 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"

1471 };

1472

1473 void

1474 dumpHash32(const unsigned char *buf, unsigned int bufLen)

1475 {

1476 unsigned int i;

1477 for (i = 0; i < bufLen; i += 4) {

1478 printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]);

1479 }

1480 printf("\n");

1481 }

1482

1483 void test256(void)

1484 {

1485 unsigned char outBuf[SHA256_LENGTH];

1486

1487 printf("SHA256, input = %s\n", abc);

1488 SHA256_Hash(outBuf, abc);

1489 dumpHash32(outBuf, sizeof outBuf);

1490

1491 printf("SHA256, input = %s\n", abcdbc);

1492 SHA256_Hash(outBuf, abcdbc);

1493 dumpHash32(outBuf, sizeof outBuf);

1494 }

1495

1496 void test224(void)

1497 {

1498 SHA224Context ctx;

1499 unsigned char a1000times[1000];

1500 unsigned int outLen;

1501 unsigned char outBuf[SHA224_LENGTH];

1502 int i;

1503

1504 /* Test Vector 1 */

1505 printf("SHA224, input = %s\n", abc);

1506 SHA224_Hash(outBuf, abc);

1507 dumpHash32(outBuf, sizeof outBuf);

1508

1509 /* Test Vector 2 */

1510 printf("SHA224, input = %s\n", abcdbc);

1511 SHA224_Hash(outBuf, abcdbc);

1512 dumpHash32(outBuf, sizeof outBuf);

1513

1514 /* Test Vector 3 */

1515

1516 /* to hash one million 'a's perform 1000

1517 * sha224 updates on a buffer with 1000 'a's

1518 */

1519 memset(a1000times, 'a', 1000);

1520 printf("SHA224, input = %s\n", "a one million times");

1521 SHA224_Begin(&ctx);

1522 for (i = 0; i < 1000; i++)

1523 SHA224_Update(&ctx, a1000times, 1000);

1524 SHA224_End(&ctx, outBuf, &outLen, SHA224_LENGTH);

1525 dumpHash32(outBuf, sizeof outBuf);

1526 }

1527

1528 void

1529 dumpHash64(const unsigned char *buf, unsigned int bufLen)

1530 {

1531 unsigned int i;

1532 for (i = 0; i < bufLen; i += 8) {

1533 if (i % 32 == 0)

1534 printf("\n");

1535 printf(" %02x%02x%02x%02x%02x%02x%02x%02x",

1536 buf[i ], buf[i+1], buf[i+2], buf[i+3],

1537 buf[i+4], buf[i+5], buf[i+6], buf[i+7]);

1538 }

1539 printf("\n");

1540 }

1541

1542 void test512(void)

1543 {

1544 unsigned char outBuf[SHA512_LENGTH];

1545

1546 printf("SHA512, input = %s\n", abc);

1547 SHA512_Hash(outBuf, abc);

1548 dumpHash64(outBuf, sizeof outBuf);

1549

1550 printf("SHA512, input = %s\n", abcdef);

1551 SHA512_Hash(outBuf, abcdef);

1552 dumpHash64(outBuf, sizeof outBuf);

1553 }

1554

1555 void time512(void)

1556 {

1557 unsigned char outBuf[SHA512_LENGTH];

1558

1559 SHA512_Hash(outBuf, abc);

1560 SHA512_Hash(outBuf, abcdef);

1561 }

1562

1563 void test384(void)

1564 {

1565 unsigned char outBuf[SHA384_LENGTH];

1566

1567 printf("SHA384, input = %s\n", abc);

1568 SHA384_Hash(outBuf, abc);

1569 dumpHash64(outBuf, sizeof outBuf);

1570

1571 printf("SHA384, input = %s\n", abcdef);

1572 SHA384_Hash(outBuf, abcdef);

1573 dumpHash64(outBuf, sizeof outBuf);

1574 }

1575

1576 int main (int argc, char argv[], char envp[])

1577 {

1578 int i = 1;

1579 if (argc > 1) {

1580 i = atoi(argv[1]);

1581 }

1582 if (i < 2) {

1583 test224();

1584 test256();

1585 test384();

1586 test512();

1587 } else {

1588 while (i-- > 0) {

1589 time512();

1590 }

1591 printf("done\n");

1592 }

1593 return 0;

1594 }

1595

1596 void *PORT_Alloc(size_t len) { return malloc(len); }

1597 void PORT_Free(void *ptr) { free(ptr); }

1598 void PORT_ZFree(void *ptr, size_t len) { memset(ptr, 0, len); free(ptr); }

1599 #endif

OLD	NEW

« no previous file with comments | « mozilla/security/nss/lib/freebl/sha256.h ('k') | mozilla/security/nss/lib/freebl/sha_fast.h » ('j') | no next file with comments »