Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1589)

Side by Side Diff: nss/lib/freebl/sha512.c

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/freebl/sha256.h ('k') | nss/lib/freebl/sha_fast.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * sha512.c - implementation of SHA224, SHA256, SHA384 and SHA512
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
8 #ifdef FREEBL_NO_DEPEND
9 #include "stubs.h"
10 #endif
11
12 #include "prcpucfg.h"
13 #if defined(NSS_X86) || defined(SHA_NO_LONG_LONG)
14 #define NOUNROLL512 1
15 #undef HAVE_LONG_LONG
16 #endif
17 #include "prtypes.h" /* for PRUintXX */
18 #include "prlong.h"
19 #include "secport.h" /* for PORT_XXX */
20 #include "blapi.h"
21 #include "sha256.h" /* for struct SHA256ContextStr */
22
23 /* ============= Common constants and defines ======================= */
24
25 #define W ctx->u.w
26 #define B ctx->u.b
27 #define H ctx->h
28
29 #define SHR(x,n) (x >> n)
30 #define SHL(x,n) (x << n)
31 #define Ch(x,y,z) ((x & y) ^ (~x & z))
32 #define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
33 #define SHA_MIN(a,b) (a < b ? a : b)
34
35 /* Padding used with all flavors of SHA */
36 static const PRUint8 pad[240] = {
37 0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
38 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
39 /* compiler will fill the rest in with zeros */
40 };
41
42 /* ============= SHA256 implementation ================================== */
43
44 /* SHA-256 constants, K256. */
45 static const PRUint32 K256[64] = {
46 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
47 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
48 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
49 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
50 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
51 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
52 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
53 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
54 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
55 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
56 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
57 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
58 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
59 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
60 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
61 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
62 };
63
64 /* SHA-256 initial hash values */
65 static const PRUint32 H256[8] = {
66 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
67 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
68 };
69
70 #if defined(IS_LITTLE_ENDIAN)
71 #if (_MSC_VER >= 1300)
72 #include <stdlib.h>
73 #pragma intrinsic(_byteswap_ulong)
74 #define SHA_HTONL(x) _byteswap_ulong(x)
75 #elif defined(_MSC_VER) && defined(NSS_X86_OR_X64)
76 #ifndef FORCEINLINE
77 #if (_MSC_VER >= 1200)
78 #define FORCEINLINE __forceinline
79 #else
80 #define FORCEINLINE __inline
81 #endif
82 #endif
83 #define FASTCALL __fastcall
84
85 static FORCEINLINE PRUint32 FASTCALL
86 swap4b(PRUint32 dwd)
87 {
88 __asm {
89 mov eax,dwd
90 bswap eax
91 }
92 }
93
94 #define SHA_HTONL(x) swap4b(x)
95
96 #elif defined(__GNUC__) && defined(NSS_X86_OR_X64)
97 static __inline__ PRUint32 swap4b(PRUint32 value)
98 {
99 __asm__("bswap %0" : "+r" (value));
100 return (value);
101 }
102 #define SHA_HTONL(x) swap4b(x)
103
104 #elif defined(__GNUC__) && (defined(__thumb2__) || \
105 (!defined(__thumb__) && \
106 (defined(__ARM_ARCH_6__) || \
107 defined(__ARM_ARCH_6J__) || \
108 defined(__ARM_ARCH_6K__) || \
109 defined(__ARM_ARCH_6Z__) || \
110 defined(__ARM_ARCH_6ZK__) || \
111 defined(__ARM_ARCH_6T2__) || \
112 defined(__ARM_ARCH_7__) || \
113 defined(__ARM_ARCH_7A__) || \
114 defined(__ARM_ARCH_7R__))))
115 static __inline__ PRUint32 swap4b(PRUint32 value)
116 {
117 PRUint32 ret;
118 __asm__("rev %0, %1" : "=r" (ret) : "r"(value));
119 return ret;
120 }
121 #define SHA_HTONL(x) swap4b(x)
122
123 #else
124 #define SWAP4MASK 0x00FF00FF
125 static PRUint32 swap4b(PRUint32 value)
126 {
127 PRUint32 t1 = (value << 16) | (value >> 16);
128 return ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK);
129 }
130 #define SHA_HTONL(x) swap4b(x)
131 #endif
132 #define BYTESWAP4(x) x = SHA_HTONL(x)
133 #endif /* defined(IS_LITTLE_ENDIAN) */
134
135 #if defined(_MSC_VER)
136 #pragma intrinsic (_lrotr, _lrotl)
137 #define ROTR32(x,n) _lrotr(x,n)
138 #define ROTL32(x,n) _lrotl(x,n)
139 #else
140 #define ROTR32(x,n) ((x >> n) | (x << ((8 * sizeof x) - n)))
141 #define ROTL32(x,n) ((x << n) | (x >> ((8 * sizeof x) - n)))
142 #endif
143
144 /* Capitol Sigma and lower case sigma functions */
145 #define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22))
146 #define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25))
147 #define s0(x) (ROTR32(x, 7) ^ ROTR32(x,18) ^ SHR(x, 3))
148 #define s1(x) (ROTR32(x,17) ^ ROTR32(x,19) ^ SHR(x,10))
149
150 SHA256Context *
151 SHA256_NewContext(void)
152 {
153 SHA256Context *ctx = PORT_New(SHA256Context);
154 return ctx;
155 }
156
157 void
158 SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)
159 {
160 memset(ctx, 0, sizeof *ctx);
161 if (freeit) {
162 PORT_Free(ctx);
163 }
164 }
165
166 void
167 SHA256_Begin(SHA256Context *ctx)
168 {
169 memset(ctx, 0, sizeof *ctx);
170 memcpy(H, H256, sizeof H256);
171 }
172
173 static void
174 SHA256_Compress(SHA256Context *ctx)
175 {
176 {
177 #if defined(IS_LITTLE_ENDIAN)
178 BYTESWAP4(W[0]);
179 BYTESWAP4(W[1]);
180 BYTESWAP4(W[2]);
181 BYTESWAP4(W[3]);
182 BYTESWAP4(W[4]);
183 BYTESWAP4(W[5]);
184 BYTESWAP4(W[6]);
185 BYTESWAP4(W[7]);
186 BYTESWAP4(W[8]);
187 BYTESWAP4(W[9]);
188 BYTESWAP4(W[10]);
189 BYTESWAP4(W[11]);
190 BYTESWAP4(W[12]);
191 BYTESWAP4(W[13]);
192 BYTESWAP4(W[14]);
193 BYTESWAP4(W[15]);
194 #endif
195
196 #define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
197
198 /* prepare the "message schedule" */
199 #ifdef NOUNROLL256
200 {
201 int t;
202 for (t = 16; t < 64; ++t) {
203 INITW(t);
204 }
205 }
206 #else
207 INITW(16);
208 INITW(17);
209 INITW(18);
210 INITW(19);
211
212 INITW(20);
213 INITW(21);
214 INITW(22);
215 INITW(23);
216 INITW(24);
217 INITW(25);
218 INITW(26);
219 INITW(27);
220 INITW(28);
221 INITW(29);
222
223 INITW(30);
224 INITW(31);
225 INITW(32);
226 INITW(33);
227 INITW(34);
228 INITW(35);
229 INITW(36);
230 INITW(37);
231 INITW(38);
232 INITW(39);
233
234 INITW(40);
235 INITW(41);
236 INITW(42);
237 INITW(43);
238 INITW(44);
239 INITW(45);
240 INITW(46);
241 INITW(47);
242 INITW(48);
243 INITW(49);
244
245 INITW(50);
246 INITW(51);
247 INITW(52);
248 INITW(53);
249 INITW(54);
250 INITW(55);
251 INITW(56);
252 INITW(57);
253 INITW(58);
254 INITW(59);
255
256 INITW(60);
257 INITW(61);
258 INITW(62);
259 INITW(63);
260
261 #endif
262 #undef INITW
263 }
264 {
265 PRUint32 a, b, c, d, e, f, g, h;
266
267 a = H[0];
268 b = H[1];
269 c = H[2];
270 d = H[3];
271 e = H[4];
272 f = H[5];
273 g = H[6];
274 h = H[7];
275
276 #define ROUND(n,a,b,c,d,e,f,g,h) \
277 h += S1(e) + Ch(e,f,g) + K256[n] + W[n]; \
278 d += h; \
279 h += S0(a) + Maj(a,b,c);
280
281 #ifdef NOUNROLL256
282 {
283 int t;
284 for (t = 0; t < 64; t+= 8) {
285 ROUND(t+0,a,b,c,d,e,f,g,h)
286 ROUND(t+1,h,a,b,c,d,e,f,g)
287 ROUND(t+2,g,h,a,b,c,d,e,f)
288 ROUND(t+3,f,g,h,a,b,c,d,e)
289 ROUND(t+4,e,f,g,h,a,b,c,d)
290 ROUND(t+5,d,e,f,g,h,a,b,c)
291 ROUND(t+6,c,d,e,f,g,h,a,b)
292 ROUND(t+7,b,c,d,e,f,g,h,a)
293 }
294 }
295 #else
296 ROUND( 0,a,b,c,d,e,f,g,h)
297 ROUND( 1,h,a,b,c,d,e,f,g)
298 ROUND( 2,g,h,a,b,c,d,e,f)
299 ROUND( 3,f,g,h,a,b,c,d,e)
300 ROUND( 4,e,f,g,h,a,b,c,d)
301 ROUND( 5,d,e,f,g,h,a,b,c)
302 ROUND( 6,c,d,e,f,g,h,a,b)
303 ROUND( 7,b,c,d,e,f,g,h,a)
304
305 ROUND( 8,a,b,c,d,e,f,g,h)
306 ROUND( 9,h,a,b,c,d,e,f,g)
307 ROUND(10,g,h,a,b,c,d,e,f)
308 ROUND(11,f,g,h,a,b,c,d,e)
309 ROUND(12,e,f,g,h,a,b,c,d)
310 ROUND(13,d,e,f,g,h,a,b,c)
311 ROUND(14,c,d,e,f,g,h,a,b)
312 ROUND(15,b,c,d,e,f,g,h,a)
313
314 ROUND(16,a,b,c,d,e,f,g,h)
315 ROUND(17,h,a,b,c,d,e,f,g)
316 ROUND(18,g,h,a,b,c,d,e,f)
317 ROUND(19,f,g,h,a,b,c,d,e)
318 ROUND(20,e,f,g,h,a,b,c,d)
319 ROUND(21,d,e,f,g,h,a,b,c)
320 ROUND(22,c,d,e,f,g,h,a,b)
321 ROUND(23,b,c,d,e,f,g,h,a)
322
323 ROUND(24,a,b,c,d,e,f,g,h)
324 ROUND(25,h,a,b,c,d,e,f,g)
325 ROUND(26,g,h,a,b,c,d,e,f)
326 ROUND(27,f,g,h,a,b,c,d,e)
327 ROUND(28,e,f,g,h,a,b,c,d)
328 ROUND(29,d,e,f,g,h,a,b,c)
329 ROUND(30,c,d,e,f,g,h,a,b)
330 ROUND(31,b,c,d,e,f,g,h,a)
331
332 ROUND(32,a,b,c,d,e,f,g,h)
333 ROUND(33,h,a,b,c,d,e,f,g)
334 ROUND(34,g,h,a,b,c,d,e,f)
335 ROUND(35,f,g,h,a,b,c,d,e)
336 ROUND(36,e,f,g,h,a,b,c,d)
337 ROUND(37,d,e,f,g,h,a,b,c)
338 ROUND(38,c,d,e,f,g,h,a,b)
339 ROUND(39,b,c,d,e,f,g,h,a)
340
341 ROUND(40,a,b,c,d,e,f,g,h)
342 ROUND(41,h,a,b,c,d,e,f,g)
343 ROUND(42,g,h,a,b,c,d,e,f)
344 ROUND(43,f,g,h,a,b,c,d,e)
345 ROUND(44,e,f,g,h,a,b,c,d)
346 ROUND(45,d,e,f,g,h,a,b,c)
347 ROUND(46,c,d,e,f,g,h,a,b)
348 ROUND(47,b,c,d,e,f,g,h,a)
349
350 ROUND(48,a,b,c,d,e,f,g,h)
351 ROUND(49,h,a,b,c,d,e,f,g)
352 ROUND(50,g,h,a,b,c,d,e,f)
353 ROUND(51,f,g,h,a,b,c,d,e)
354 ROUND(52,e,f,g,h,a,b,c,d)
355 ROUND(53,d,e,f,g,h,a,b,c)
356 ROUND(54,c,d,e,f,g,h,a,b)
357 ROUND(55,b,c,d,e,f,g,h,a)
358
359 ROUND(56,a,b,c,d,e,f,g,h)
360 ROUND(57,h,a,b,c,d,e,f,g)
361 ROUND(58,g,h,a,b,c,d,e,f)
362 ROUND(59,f,g,h,a,b,c,d,e)
363 ROUND(60,e,f,g,h,a,b,c,d)
364 ROUND(61,d,e,f,g,h,a,b,c)
365 ROUND(62,c,d,e,f,g,h,a,b)
366 ROUND(63,b,c,d,e,f,g,h,a)
367 #endif
368
369 H[0] += a;
370 H[1] += b;
371 H[2] += c;
372 H[3] += d;
373 H[4] += e;
374 H[5] += f;
375 H[6] += g;
376 H[7] += h;
377 }
378 #undef ROUND
379 }
380
381 #undef s0
382 #undef s1
383 #undef S0
384 #undef S1
385
386 void
387 SHA256_Update(SHA256Context *ctx, const unsigned char *input,
388 unsigned int inputLen)
389 {
390 unsigned int inBuf = ctx->sizeLo & 0x3f;
391 if (!inputLen)
392 return;
393
394 /* Add inputLen into the count of bytes processed, before processing */
395 if ((ctx->sizeLo += inputLen) < inputLen)
396 ctx->sizeHi++;
397
398 /* if data already in buffer, attemp to fill rest of buffer */
399 if (inBuf) {
400 unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;
401 if (inputLen < todo)
402 todo = inputLen;
403 memcpy(B + inBuf, input, todo);
404 input += todo;
405 inputLen -= todo;
406 if (inBuf + todo == SHA256_BLOCK_LENGTH)
407 SHA256_Compress(ctx);
408 }
409
410 /* if enough data to fill one or more whole buffers, process them. */
411 while (inputLen >= SHA256_BLOCK_LENGTH) {
412 memcpy(B, input, SHA256_BLOCK_LENGTH);
413 input += SHA256_BLOCK_LENGTH;
414 inputLen -= SHA256_BLOCK_LENGTH;
415 SHA256_Compress(ctx);
416 }
417 /* if data left over, fill it into buffer */
418 if (inputLen)
419 memcpy(B, input, inputLen);
420 }
421
422 void
423 SHA256_End(SHA256Context *ctx, unsigned char *digest,
424 unsigned int *digestLen, unsigned int maxDigestLen)
425 {
426 unsigned int inBuf = ctx->sizeLo & 0x3f;
427 unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf);
428 PRUint32 hi, lo;
429
430 hi = (ctx->sizeHi << 3) | (ctx->sizeLo >> 29);
431 lo = (ctx->sizeLo << 3);
432
433 SHA256_Update(ctx, pad, padLen);
434
435 #if defined(IS_LITTLE_ENDIAN)
436 W[14] = SHA_HTONL(hi);
437 W[15] = SHA_HTONL(lo);
438 #else
439 W[14] = hi;
440 W[15] = lo;
441 #endif
442 SHA256_Compress(ctx);
443
444 /* now output the answer */
445 #if defined(IS_LITTLE_ENDIAN)
446 BYTESWAP4(H[0]);
447 BYTESWAP4(H[1]);
448 BYTESWAP4(H[2]);
449 BYTESWAP4(H[3]);
450 BYTESWAP4(H[4]);
451 BYTESWAP4(H[5]);
452 BYTESWAP4(H[6]);
453 BYTESWAP4(H[7]);
454 #endif
455 padLen = PR_MIN(SHA256_LENGTH, maxDigestLen);
456 memcpy(digest, H, padLen);
457 if (digestLen)
458 *digestLen = padLen;
459 }
460
461 void
462 SHA256_EndRaw(SHA256Context *ctx, unsigned char *digest,
463 unsigned int *digestLen, unsigned int maxDigestLen)
464 {
465 PRUint32 h[8];
466 unsigned int len;
467
468 memcpy(h, ctx->h, sizeof(h));
469
470 #if defined(IS_LITTLE_ENDIAN)
471 BYTESWAP4(h[0]);
472 BYTESWAP4(h[1]);
473 BYTESWAP4(h[2]);
474 BYTESWAP4(h[3]);
475 BYTESWAP4(h[4]);
476 BYTESWAP4(h[5]);
477 BYTESWAP4(h[6]);
478 BYTESWAP4(h[7]);
479 #endif
480
481 len = PR_MIN(SHA256_LENGTH, maxDigestLen);
482 memcpy(digest, h, len);
483 if (digestLen)
484 *digestLen = len;
485 }
486
487 SECStatus
488 SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
489 PRUint32 src_length)
490 {
491 SHA256Context ctx;
492 unsigned int outLen;
493
494 SHA256_Begin(&ctx);
495 SHA256_Update(&ctx, src, src_length);
496 SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH);
497 memset(&ctx, 0, sizeof ctx);
498
499 return SECSuccess;
500 }
501
502
503 SECStatus
504 SHA256_Hash(unsigned char *dest, const char *src)
505 {
506 return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
507 }
508
509
510 void SHA256_TraceState(SHA256Context *ctx) { }
511
512 unsigned int
513 SHA256_FlattenSize(SHA256Context *ctx)
514 {
515 return sizeof *ctx;
516 }
517
518 SECStatus
519 SHA256_Flatten(SHA256Context *ctx,unsigned char *space)
520 {
521 PORT_Memcpy(space, ctx, sizeof *ctx);
522 return SECSuccess;
523 }
524
525 SHA256Context *
526 SHA256_Resurrect(unsigned char *space, void *arg)
527 {
528 SHA256Context *ctx = SHA256_NewContext();
529 if (ctx)
530 PORT_Memcpy(ctx, space, sizeof *ctx);
531 return ctx;
532 }
533
534 void SHA256_Clone(SHA256Context *dest, SHA256Context *src)
535 {
536 memcpy(dest, src, sizeof *dest);
537 }
538
539 /* ============= SHA224 implementation ================================== */
540
541 /* SHA-224 initial hash values */
542 static const PRUint32 H224[8] = {
543 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
544 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
545 };
546
547 SHA224Context *
548 SHA224_NewContext(void)
549 {
550 return SHA256_NewContext();
551 }
552
553 void
554 SHA224_DestroyContext(SHA224Context *ctx, PRBool freeit)
555 {
556 SHA256_DestroyContext(ctx, freeit);
557 }
558
559 void
560 SHA224_Begin(SHA224Context *ctx)
561 {
562 memset(ctx, 0, sizeof *ctx);
563 memcpy(H, H224, sizeof H224);
564 }
565
566 void
567 SHA224_Update(SHA224Context *ctx, const unsigned char *input,
568 unsigned int inputLen)
569 {
570 SHA256_Update(ctx, input, inputLen);
571 }
572
573 void
574 SHA224_End(SHA256Context *ctx, unsigned char *digest,
575 unsigned int *digestLen, unsigned int maxDigestLen)
576 {
577 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);
578 SHA256_End(ctx, digest, digestLen, maxLen);
579 }
580
581 void
582 SHA224_EndRaw(SHA256Context *ctx, unsigned char *digest,
583 unsigned int *digestLen, unsigned int maxDigestLen)
584 {
585 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);
586 SHA256_EndRaw(ctx, digest, digestLen, maxLen);
587 }
588
589 SECStatus
590 SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
591 PRUint32 src_length)
592 {
593 SHA256Context ctx;
594 unsigned int outLen;
595
596 SHA224_Begin(&ctx);
597 SHA256_Update(&ctx, src, src_length);
598 SHA256_End(&ctx, dest, &outLen, SHA224_LENGTH);
599 memset(&ctx, 0, sizeof ctx);
600
601 return SECSuccess;
602 }
603
604 SECStatus
605 SHA224_Hash(unsigned char *dest, const char *src)
606 {
607 return SHA224_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
608 }
609
610 void SHA224_TraceState(SHA224Context *ctx) { }
611
612 unsigned int
613 SHA224_FlattenSize(SHA224Context *ctx)
614 {
615 return SHA256_FlattenSize(ctx);
616 }
617
618 SECStatus
619 SHA224_Flatten(SHA224Context *ctx, unsigned char *space)
620 {
621 return SHA256_Flatten(ctx, space);
622 }
623
624 SHA224Context *
625 SHA224_Resurrect(unsigned char *space, void *arg)
626 {
627 return SHA256_Resurrect(space, arg);
628 }
629
630 void SHA224_Clone(SHA224Context *dest, SHA224Context *src)
631 {
632 SHA256_Clone(dest, src);
633 }
634
635
636 /* ======= SHA512 and SHA384 common constants and defines ================= */
637
638 /* common #defines for SHA512 and SHA384 */
639 #if defined(HAVE_LONG_LONG)
640 #if defined(_MSC_VER)
641 #pragma intrinsic(_rotr64,_rotl64)
642 #define ROTR64(x,n) _rotr64(x,n)
643 #define ROTL64(x,n) _rotl64(x,n)
644 #else
645 #define ROTR64(x,n) ((x >> n) | (x << (64 - n)))
646 #define ROTL64(x,n) ((x << n) | (x >> (64 - n)))
647 #endif
648
649 #define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39))
650 #define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41))
651 #define s0(x) (ROTR64(x, 1) ^ ROTR64(x, 8) ^ SHR(x,7))
652 #define s1(x) (ROTR64(x,19) ^ ROTR64(x,61) ^ SHR(x,6))
653
654 #if PR_BYTES_PER_LONG == 8
655 #define ULLC(hi,lo) 0x ## hi ## lo ## UL
656 #elif defined(_MSC_VER)
657 #define ULLC(hi,lo) 0x ## hi ## lo ## ui64
658 #else
659 #define ULLC(hi,lo) 0x ## hi ## lo ## ULL
660 #endif
661
662 #if defined(IS_LITTLE_ENDIAN)
663 #if defined(_MSC_VER)
664 #pragma intrinsic(_byteswap_uint64)
665 #define SHA_HTONLL(x) _byteswap_uint64(x)
666
667 #elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64))
668 static __inline__ PRUint64 swap8b(PRUint64 value)
669 {
670 __asm__("bswapq %0" : "+r" (value));
671 return (value);
672 }
673 #define SHA_HTONLL(x) swap8b(x)
674
675 #else
676 #define SHA_MASK16 ULLC(0000FFFF,0000FFFF)
677 #define SHA_MASK8 ULLC(00FF00FF,00FF00FF)
678 static PRUint64 swap8b(PRUint64 x)
679 {
680 PRUint64 t1 = x;
681 t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 );
682 t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16);
683 return (t1 >> 32) | (t1 << 32);
684 }
685 #define SHA_HTONLL(x) swap8b(x)
686 #endif
687 #define BYTESWAP8(x) x = SHA_HTONLL(x)
688 #endif /* defined(IS_LITTLE_ENDIAN) */
689
690 #else /* no long long */
691
692 #if defined(IS_LITTLE_ENDIAN)
693 #define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U }
694 #define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
695 x.hi ^= x.lo ^= x.hi ^= x.lo, x)
696 #define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \
697 tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0)
698 #else
699 #define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U }
700 #endif
701
702 #endif
703
704 /* SHA-384 and SHA-512 constants, K512. */
705 static const PRUint64 K512[80] = {
706 #if PR_BYTES_PER_LONG == 8
707 0x428a2f98d728ae22UL , 0x7137449123ef65cdUL ,
708 0xb5c0fbcfec4d3b2fUL , 0xe9b5dba58189dbbcUL ,
709 0x3956c25bf348b538UL , 0x59f111f1b605d019UL ,
710 0x923f82a4af194f9bUL , 0xab1c5ed5da6d8118UL ,
711 0xd807aa98a3030242UL , 0x12835b0145706fbeUL ,
712 0x243185be4ee4b28cUL , 0x550c7dc3d5ffb4e2UL ,
713 0x72be5d74f27b896fUL , 0x80deb1fe3b1696b1UL ,
714 0x9bdc06a725c71235UL , 0xc19bf174cf692694UL ,
715 0xe49b69c19ef14ad2UL , 0xefbe4786384f25e3UL ,
716 0x0fc19dc68b8cd5b5UL , 0x240ca1cc77ac9c65UL ,
717 0x2de92c6f592b0275UL , 0x4a7484aa6ea6e483UL ,
718 0x5cb0a9dcbd41fbd4UL , 0x76f988da831153b5UL ,
719 0x983e5152ee66dfabUL , 0xa831c66d2db43210UL ,
720 0xb00327c898fb213fUL , 0xbf597fc7beef0ee4UL ,
721 0xc6e00bf33da88fc2UL , 0xd5a79147930aa725UL ,
722 0x06ca6351e003826fUL , 0x142929670a0e6e70UL ,
723 0x27b70a8546d22ffcUL , 0x2e1b21385c26c926UL ,
724 0x4d2c6dfc5ac42aedUL , 0x53380d139d95b3dfUL ,
725 0x650a73548baf63deUL , 0x766a0abb3c77b2a8UL ,
726 0x81c2c92e47edaee6UL , 0x92722c851482353bUL ,
727 0xa2bfe8a14cf10364UL , 0xa81a664bbc423001UL ,
728 0xc24b8b70d0f89791UL , 0xc76c51a30654be30UL ,
729 0xd192e819d6ef5218UL , 0xd69906245565a910UL ,
730 0xf40e35855771202aUL , 0x106aa07032bbd1b8UL ,
731 0x19a4c116b8d2d0c8UL , 0x1e376c085141ab53UL ,
732 0x2748774cdf8eeb99UL , 0x34b0bcb5e19b48a8UL ,
733 0x391c0cb3c5c95a63UL , 0x4ed8aa4ae3418acbUL ,
734 0x5b9cca4f7763e373UL , 0x682e6ff3d6b2b8a3UL ,
735 0x748f82ee5defb2fcUL , 0x78a5636f43172f60UL ,
736 0x84c87814a1f0ab72UL , 0x8cc702081a6439ecUL ,
737 0x90befffa23631e28UL , 0xa4506cebde82bde9UL ,
738 0xbef9a3f7b2c67915UL , 0xc67178f2e372532bUL ,
739 0xca273eceea26619cUL , 0xd186b8c721c0c207UL ,
740 0xeada7dd6cde0eb1eUL , 0xf57d4f7fee6ed178UL ,
741 0x06f067aa72176fbaUL , 0x0a637dc5a2c898a6UL ,
742 0x113f9804bef90daeUL , 0x1b710b35131c471bUL ,
743 0x28db77f523047d84UL , 0x32caab7b40c72493UL ,
744 0x3c9ebe0a15c9bebcUL , 0x431d67c49c100d4cUL ,
745 0x4cc5d4becb3e42b6UL , 0x597f299cfc657e2aUL ,
746 0x5fcb6fab3ad6faecUL , 0x6c44198c4a475817UL
747 #else
748 ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd),
749 ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc),
750 ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019),
751 ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118),
752 ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe),
753 ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2),
754 ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1),
755 ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694),
756 ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3),
757 ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65),
758 ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483),
759 ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5),
760 ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210),
761 ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4),
762 ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725),
763 ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70),
764 ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926),
765 ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df),
766 ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8),
767 ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b),
768 ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001),
769 ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30),
770 ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910),
771 ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8),
772 ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53),
773 ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8),
774 ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb),
775 ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3),
776 ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60),
777 ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec),
778 ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9),
779 ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b),
780 ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207),
781 ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178),
782 ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6),
783 ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b),
784 ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493),
785 ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c),
786 ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a),
787 ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817)
788 #endif
789 };
790
791 struct SHA512ContextStr {
792 union {
793 PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */
794 PRUint32 l[160];
795 PRUint8 b[640];
796 } u;
797 PRUint64 h[8]; /* 8 state variables */
798 PRUint64 sizeLo; /* 64-bit count of hashed bytes. */
799 };
800
801 /* =========== SHA512 implementation ===================================== */
802
803 /* SHA-512 initial hash values */
804 static const PRUint64 H512[8] = {
805 #if PR_BYTES_PER_LONG == 8
806 0x6a09e667f3bcc908UL , 0xbb67ae8584caa73bUL ,
807 0x3c6ef372fe94f82bUL , 0xa54ff53a5f1d36f1UL ,
808 0x510e527fade682d1UL , 0x9b05688c2b3e6c1fUL ,
809 0x1f83d9abfb41bd6bUL , 0x5be0cd19137e2179UL
810 #else
811 ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b),
812 ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1),
813 ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f),
814 ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179)
815 #endif
816 };
817
818
819 SHA512Context *
820 SHA512_NewContext(void)
821 {
822 SHA512Context *ctx = PORT_New(SHA512Context);
823 return ctx;
824 }
825
826 void
827 SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)
828 {
829 memset(ctx, 0, sizeof *ctx);
830 if (freeit) {
831 PORT_Free(ctx);
832 }
833 }
834
835 void
836 SHA512_Begin(SHA512Context *ctx)
837 {
838 memset(ctx, 0, sizeof *ctx);
839 memcpy(H, H512, sizeof H512);
840 }
841
842 #if defined(SHA512_TRACE)
843 #if defined(HAVE_LONG_LONG)
844 #define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \
845 n, #e, d, #a, h);
846 #else
847 #define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \
848 n, #e, d.hi, d.lo, #a, h.hi, h.lo);
849 #endif
850 #else
851 #define DUMP(n,a,d,e,h)
852 #endif
853
854 #if defined(HAVE_LONG_LONG)
855
856 #define ADDTO(x,y) y += x
857
858 #define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
859
860 #define ROUND(n,a,b,c,d,e,f,g,h) \
861 h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \
862 d += h; \
863 h += S0(a) + Maj(a,b,c); \
864 DUMP(n,a,d,e,h)
865
866 #else /* use only 32-bit variables, and don't unroll loops */
867
868 #undef NOUNROLL512
869 #define NOUNROLL512 1
870
871 #define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo)
872
873 #define ROTR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
874 #define ROTR64A(x,n,lo,hi) (x.lo << (64-n) | x.hi >> (n-32))
875 #define SHR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
876
877 /* Capitol Sigma and lower case sigma functions */
878 #define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi))
879 #define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7))
880
881 #define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi))
882 #define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6))
883
884 #define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi))
885 #define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo))
886
887 #define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi))
888 #define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo))
889
890 /* 32-bit versions of Ch and Maj */
891 #define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))
892 #define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))
893
894 #define INITW(t) \
895 do { \
896 PRUint32 lo, tm; \
897 PRUint32 cy = 0; \
898 lo = s1lo(W[t-2]); \
899 lo += (tm = W[t-7].lo); if (lo < tm) cy++; \
900 lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \
901 lo += (tm = W[t-16].lo); if (lo < tm) cy++; \
902 W[t].lo = lo; \
903 W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \
904 } while (0)
905
906 #define ROUND(n,a,b,c,d,e,f,g,h) \
907 { \
908 PRUint32 lo, tm, cy; \
909 lo = S1lo(e); \
910 lo += (tm = Chxx(e,f,g,lo)); cy = (lo < tm); \
911 lo += (tm = K512[n].lo); if (lo < tm) cy++; \
912 lo += (tm = W[n].lo); if (lo < tm) cy++; \
913 h.lo += lo; if (h.lo < lo) cy++; \
914 h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \
915 d.lo += h.lo; \
916 d.hi += h.hi + (d.lo < h.lo); \
917 lo = S0lo(a); \
918 lo += (tm = Majx(a,b,c,lo)); cy = (lo < tm); \
919 h.lo += lo; if (h.lo < lo) cy++; \
920 h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \
921 DUMP(n,a,d,e,h) \
922 }
923 #endif
924
925 static void
926 SHA512_Compress(SHA512Context *ctx)
927 {
928 #if defined(IS_LITTLE_ENDIAN)
929 {
930 BYTESWAP8(W[0]);
931 BYTESWAP8(W[1]);
932 BYTESWAP8(W[2]);
933 BYTESWAP8(W[3]);
934 BYTESWAP8(W[4]);
935 BYTESWAP8(W[5]);
936 BYTESWAP8(W[6]);
937 BYTESWAP8(W[7]);
938 BYTESWAP8(W[8]);
939 BYTESWAP8(W[9]);
940 BYTESWAP8(W[10]);
941 BYTESWAP8(W[11]);
942 BYTESWAP8(W[12]);
943 BYTESWAP8(W[13]);
944 BYTESWAP8(W[14]);
945 BYTESWAP8(W[15]);
946 }
947 #endif
948
949 {
950 #ifdef NOUNROLL512
951 {
952 /* prepare the "message schedule" */
953 int t;
954 for (t = 16; t < 80; ++t) {
955 INITW(t);
956 }
957 }
958 #else
959 INITW(16);
960 INITW(17);
961 INITW(18);
962 INITW(19);
963
964 INITW(20);
965 INITW(21);
966 INITW(22);
967 INITW(23);
968 INITW(24);
969 INITW(25);
970 INITW(26);
971 INITW(27);
972 INITW(28);
973 INITW(29);
974
975 INITW(30);
976 INITW(31);
977 INITW(32);
978 INITW(33);
979 INITW(34);
980 INITW(35);
981 INITW(36);
982 INITW(37);
983 INITW(38);
984 INITW(39);
985
986 INITW(40);
987 INITW(41);
988 INITW(42);
989 INITW(43);
990 INITW(44);
991 INITW(45);
992 INITW(46);
993 INITW(47);
994 INITW(48);
995 INITW(49);
996
997 INITW(50);
998 INITW(51);
999 INITW(52);
1000 INITW(53);
1001 INITW(54);
1002 INITW(55);
1003 INITW(56);
1004 INITW(57);
1005 INITW(58);
1006 INITW(59);
1007
1008 INITW(60);
1009 INITW(61);
1010 INITW(62);
1011 INITW(63);
1012 INITW(64);
1013 INITW(65);
1014 INITW(66);
1015 INITW(67);
1016 INITW(68);
1017 INITW(69);
1018
1019 INITW(70);
1020 INITW(71);
1021 INITW(72);
1022 INITW(73);
1023 INITW(74);
1024 INITW(75);
1025 INITW(76);
1026 INITW(77);
1027 INITW(78);
1028 INITW(79);
1029 #endif
1030 }
1031 #ifdef SHA512_TRACE
1032 {
1033 int i;
1034 for (i = 0; i < 80; ++i) {
1035 #ifdef HAVE_LONG_LONG
1036 printf("W[%2d] = %016lx\n", i, W[i]);
1037 #else
1038 printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);
1039 #endif
1040 }
1041 }
1042 #endif
1043 {
1044 PRUint64 a, b, c, d, e, f, g, h;
1045
1046 a = H[0];
1047 b = H[1];
1048 c = H[2];
1049 d = H[3];
1050 e = H[4];
1051 f = H[5];
1052 g = H[6];
1053 h = H[7];
1054
1055 #ifdef NOUNROLL512
1056 {
1057 int t;
1058 for (t = 0; t < 80; t+= 8) {
1059 ROUND(t+0,a,b,c,d,e,f,g,h)
1060 ROUND(t+1,h,a,b,c,d,e,f,g)
1061 ROUND(t+2,g,h,a,b,c,d,e,f)
1062 ROUND(t+3,f,g,h,a,b,c,d,e)
1063 ROUND(t+4,e,f,g,h,a,b,c,d)
1064 ROUND(t+5,d,e,f,g,h,a,b,c)
1065 ROUND(t+6,c,d,e,f,g,h,a,b)
1066 ROUND(t+7,b,c,d,e,f,g,h,a)
1067 }
1068 }
1069 #else
1070 ROUND( 0,a,b,c,d,e,f,g,h)
1071 ROUND( 1,h,a,b,c,d,e,f,g)
1072 ROUND( 2,g,h,a,b,c,d,e,f)
1073 ROUND( 3,f,g,h,a,b,c,d,e)
1074 ROUND( 4,e,f,g,h,a,b,c,d)
1075 ROUND( 5,d,e,f,g,h,a,b,c)
1076 ROUND( 6,c,d,e,f,g,h,a,b)
1077 ROUND( 7,b,c,d,e,f,g,h,a)
1078
1079 ROUND( 8,a,b,c,d,e,f,g,h)
1080 ROUND( 9,h,a,b,c,d,e,f,g)
1081 ROUND(10,g,h,a,b,c,d,e,f)
1082 ROUND(11,f,g,h,a,b,c,d,e)
1083 ROUND(12,e,f,g,h,a,b,c,d)
1084 ROUND(13,d,e,f,g,h,a,b,c)
1085 ROUND(14,c,d,e,f,g,h,a,b)
1086 ROUND(15,b,c,d,e,f,g,h,a)
1087
1088 ROUND(16,a,b,c,d,e,f,g,h)
1089 ROUND(17,h,a,b,c,d,e,f,g)
1090 ROUND(18,g,h,a,b,c,d,e,f)
1091 ROUND(19,f,g,h,a,b,c,d,e)
1092 ROUND(20,e,f,g,h,a,b,c,d)
1093 ROUND(21,d,e,f,g,h,a,b,c)
1094 ROUND(22,c,d,e,f,g,h,a,b)
1095 ROUND(23,b,c,d,e,f,g,h,a)
1096
1097 ROUND(24,a,b,c,d,e,f,g,h)
1098 ROUND(25,h,a,b,c,d,e,f,g)
1099 ROUND(26,g,h,a,b,c,d,e,f)
1100 ROUND(27,f,g,h,a,b,c,d,e)
1101 ROUND(28,e,f,g,h,a,b,c,d)
1102 ROUND(29,d,e,f,g,h,a,b,c)
1103 ROUND(30,c,d,e,f,g,h,a,b)
1104 ROUND(31,b,c,d,e,f,g,h,a)
1105
1106 ROUND(32,a,b,c,d,e,f,g,h)
1107 ROUND(33,h,a,b,c,d,e,f,g)
1108 ROUND(34,g,h,a,b,c,d,e,f)
1109 ROUND(35,f,g,h,a,b,c,d,e)
1110 ROUND(36,e,f,g,h,a,b,c,d)
1111 ROUND(37,d,e,f,g,h,a,b,c)
1112 ROUND(38,c,d,e,f,g,h,a,b)
1113 ROUND(39,b,c,d,e,f,g,h,a)
1114
1115 ROUND(40,a,b,c,d,e,f,g,h)
1116 ROUND(41,h,a,b,c,d,e,f,g)
1117 ROUND(42,g,h,a,b,c,d,e,f)
1118 ROUND(43,f,g,h,a,b,c,d,e)
1119 ROUND(44,e,f,g,h,a,b,c,d)
1120 ROUND(45,d,e,f,g,h,a,b,c)
1121 ROUND(46,c,d,e,f,g,h,a,b)
1122 ROUND(47,b,c,d,e,f,g,h,a)
1123
1124 ROUND(48,a,b,c,d,e,f,g,h)
1125 ROUND(49,h,a,b,c,d,e,f,g)
1126 ROUND(50,g,h,a,b,c,d,e,f)
1127 ROUND(51,f,g,h,a,b,c,d,e)
1128 ROUND(52,e,f,g,h,a,b,c,d)
1129 ROUND(53,d,e,f,g,h,a,b,c)
1130 ROUND(54,c,d,e,f,g,h,a,b)
1131 ROUND(55,b,c,d,e,f,g,h,a)
1132
1133 ROUND(56,a,b,c,d,e,f,g,h)
1134 ROUND(57,h,a,b,c,d,e,f,g)
1135 ROUND(58,g,h,a,b,c,d,e,f)
1136 ROUND(59,f,g,h,a,b,c,d,e)
1137 ROUND(60,e,f,g,h,a,b,c,d)
1138 ROUND(61,d,e,f,g,h,a,b,c)
1139 ROUND(62,c,d,e,f,g,h,a,b)
1140 ROUND(63,b,c,d,e,f,g,h,a)
1141
1142 ROUND(64,a,b,c,d,e,f,g,h)
1143 ROUND(65,h,a,b,c,d,e,f,g)
1144 ROUND(66,g,h,a,b,c,d,e,f)
1145 ROUND(67,f,g,h,a,b,c,d,e)
1146 ROUND(68,e,f,g,h,a,b,c,d)
1147 ROUND(69,d,e,f,g,h,a,b,c)
1148 ROUND(70,c,d,e,f,g,h,a,b)
1149 ROUND(71,b,c,d,e,f,g,h,a)
1150
1151 ROUND(72,a,b,c,d,e,f,g,h)
1152 ROUND(73,h,a,b,c,d,e,f,g)
1153 ROUND(74,g,h,a,b,c,d,e,f)
1154 ROUND(75,f,g,h,a,b,c,d,e)
1155 ROUND(76,e,f,g,h,a,b,c,d)
1156 ROUND(77,d,e,f,g,h,a,b,c)
1157 ROUND(78,c,d,e,f,g,h,a,b)
1158 ROUND(79,b,c,d,e,f,g,h,a)
1159 #endif
1160
1161 ADDTO(a,H[0]);
1162 ADDTO(b,H[1]);
1163 ADDTO(c,H[2]);
1164 ADDTO(d,H[3]);
1165 ADDTO(e,H[4]);
1166 ADDTO(f,H[5]);
1167 ADDTO(g,H[6]);
1168 ADDTO(h,H[7]);
1169 }
1170 }
1171
1172 void
1173 SHA512_Update(SHA512Context *ctx, const unsigned char *input,
1174 unsigned int inputLen)
1175 {
1176 unsigned int inBuf;
1177 if (!inputLen)
1178 return;
1179
1180 #if defined(HAVE_LONG_LONG)
1181 inBuf = (unsigned int)ctx->sizeLo & 0x7f;
1182 /* Add inputLen into the count of bytes processed, before processing */
1183 ctx->sizeLo += inputLen;
1184 #else
1185 inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
1186 ctx->sizeLo.lo += inputLen;
1187 if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++;
1188 #endif
1189
1190 /* if data already in buffer, attemp to fill rest of buffer */
1191 if (inBuf) {
1192 unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;
1193 if (inputLen < todo)
1194 todo = inputLen;
1195 memcpy(B + inBuf, input, todo);
1196 input += todo;
1197 inputLen -= todo;
1198 if (inBuf + todo == SHA512_BLOCK_LENGTH)
1199 SHA512_Compress(ctx);
1200 }
1201
1202 /* if enough data to fill one or more whole buffers, process them. */
1203 while (inputLen >= SHA512_BLOCK_LENGTH) {
1204 memcpy(B, input, SHA512_BLOCK_LENGTH);
1205 input += SHA512_BLOCK_LENGTH;
1206 inputLen -= SHA512_BLOCK_LENGTH;
1207 SHA512_Compress(ctx);
1208 }
1209 /* if data left over, fill it into buffer */
1210 if (inputLen)
1211 memcpy(B, input, inputLen);
1212 }
1213
1214 void
1215 SHA512_End(SHA512Context *ctx, unsigned char *digest,
1216 unsigned int *digestLen, unsigned int maxDigestLen)
1217 {
1218 #if defined(HAVE_LONG_LONG)
1219 unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
1220 #else
1221 unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
1222 #endif
1223 unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
1224 PRUint64 lo;
1225 LL_SHL(lo, ctx->sizeLo, 3);
1226
1227 SHA512_Update(ctx, pad, padLen);
1228
1229 #if defined(HAVE_LONG_LONG)
1230 W[14] = 0;
1231 #else
1232 W[14].lo = 0;
1233 W[14].hi = 0;
1234 #endif
1235
1236 W[15] = lo;
1237 #if defined(IS_LITTLE_ENDIAN)
1238 BYTESWAP8(W[15]);
1239 #endif
1240 SHA512_Compress(ctx);
1241
1242 /* now output the answer */
1243 #if defined(IS_LITTLE_ENDIAN)
1244 BYTESWAP8(H[0]);
1245 BYTESWAP8(H[1]);
1246 BYTESWAP8(H[2]);
1247 BYTESWAP8(H[3]);
1248 BYTESWAP8(H[4]);
1249 BYTESWAP8(H[5]);
1250 BYTESWAP8(H[6]);
1251 BYTESWAP8(H[7]);
1252 #endif
1253 padLen = PR_MIN(SHA512_LENGTH, maxDigestLen);
1254 memcpy(digest, H, padLen);
1255 if (digestLen)
1256 *digestLen = padLen;
1257 }
1258
1259 void
1260 SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest,
1261 unsigned int *digestLen, unsigned int maxDigestLen)
1262 {
1263 PRUint64 h[8];
1264 unsigned int len;
1265
1266 memcpy(h, ctx->h, sizeof(h));
1267
1268 #if defined(IS_LITTLE_ENDIAN)
1269 BYTESWAP8(h[0]);
1270 BYTESWAP8(h[1]);
1271 BYTESWAP8(h[2]);
1272 BYTESWAP8(h[3]);
1273 BYTESWAP8(h[4]);
1274 BYTESWAP8(h[5]);
1275 BYTESWAP8(h[6]);
1276 BYTESWAP8(h[7]);
1277 #endif
1278 len = PR_MIN(SHA512_LENGTH, maxDigestLen);
1279 memcpy(digest, h, len);
1280 if (digestLen)
1281 *digestLen = len;
1282 }
1283
1284 SECStatus
1285 SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
1286 PRUint32 src_length)
1287 {
1288 SHA512Context ctx;
1289 unsigned int outLen;
1290
1291 SHA512_Begin(&ctx);
1292 SHA512_Update(&ctx, src, src_length);
1293 SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH);
1294 memset(&ctx, 0, sizeof ctx);
1295
1296 return SECSuccess;
1297 }
1298
1299
1300 SECStatus
1301 SHA512_Hash(unsigned char *dest, const char *src)
1302 {
1303 return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
1304 }
1305
1306
1307 void SHA512_TraceState(SHA512Context *ctx) { }
1308
1309 unsigned int
1310 SHA512_FlattenSize(SHA512Context *ctx)
1311 {
1312 return sizeof *ctx;
1313 }
1314
1315 SECStatus
1316 SHA512_Flatten(SHA512Context *ctx,unsigned char *space)
1317 {
1318 PORT_Memcpy(space, ctx, sizeof *ctx);
1319 return SECSuccess;
1320 }
1321
1322 SHA512Context *
1323 SHA512_Resurrect(unsigned char *space, void *arg)
1324 {
1325 SHA512Context *ctx = SHA512_NewContext();
1326 if (ctx)
1327 PORT_Memcpy(ctx, space, sizeof *ctx);
1328 return ctx;
1329 }
1330
1331 void SHA512_Clone(SHA512Context *dest, SHA512Context *src)
1332 {
1333 memcpy(dest, src, sizeof *dest);
1334 }
1335
1336 /* ======================================================================= */
1337 /* SHA384 uses a SHA512Context as the real context.
1338 ** The only differences between SHA384 an SHA512 are:
1339 ** a) the intialization values for the context, and
1340 ** b) the number of bytes of data produced as output.
1341 */
1342
1343 /* SHA-384 initial hash values */
1344 static const PRUint64 H384[8] = {
1345 #if PR_BYTES_PER_LONG == 8
1346 0xcbbb9d5dc1059ed8UL , 0x629a292a367cd507UL ,
1347 0x9159015a3070dd17UL , 0x152fecd8f70e5939UL ,
1348 0x67332667ffc00b31UL , 0x8eb44a8768581511UL ,
1349 0xdb0c2e0d64f98fa7UL , 0x47b5481dbefa4fa4UL
1350 #else
1351 ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507),
1352 ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939),
1353 ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511),
1354 ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4)
1355 #endif
1356 };
1357
1358 SHA384Context *
1359 SHA384_NewContext(void)
1360 {
1361 return SHA512_NewContext();
1362 }
1363
1364 void
1365 SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit)
1366 {
1367 SHA512_DestroyContext(ctx, freeit);
1368 }
1369
1370 void
1371 SHA384_Begin(SHA384Context *ctx)
1372 {
1373 memset(ctx, 0, sizeof *ctx);
1374 memcpy(H, H384, sizeof H384);
1375 }
1376
1377 void
1378 SHA384_Update(SHA384Context *ctx, const unsigned char *input,
1379 unsigned int inputLen)
1380 {
1381 SHA512_Update(ctx, input, inputLen);
1382 }
1383
1384 void
1385 SHA384_End(SHA384Context *ctx, unsigned char *digest,
1386 unsigned int *digestLen, unsigned int maxDigestLen)
1387 {
1388 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
1389 SHA512_End(ctx, digest, digestLen, maxLen);
1390 }
1391
1392 void
1393 SHA384_EndRaw(SHA384Context *ctx, unsigned char *digest,
1394 unsigned int *digestLen, unsigned int maxDigestLen)
1395 {
1396 unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
1397 SHA512_EndRaw(ctx, digest, digestLen, maxLen);
1398 }
1399
1400 SECStatus
1401 SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
1402 PRUint32 src_length)
1403 {
1404 SHA512Context ctx;
1405 unsigned int outLen;
1406
1407 SHA384_Begin(&ctx);
1408 SHA512_Update(&ctx, src, src_length);
1409 SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);
1410 memset(&ctx, 0, sizeof ctx);
1411
1412 return SECSuccess;
1413 }
1414
1415 SECStatus
1416 SHA384_Hash(unsigned char *dest, const char *src)
1417 {
1418 return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
1419 }
1420
1421 void SHA384_TraceState(SHA384Context *ctx) { }
1422
1423 unsigned int
1424 SHA384_FlattenSize(SHA384Context *ctx)
1425 {
1426 return sizeof(SHA384Context);
1427 }
1428
1429 SECStatus
1430 SHA384_Flatten(SHA384Context *ctx,unsigned char *space)
1431 {
1432 return SHA512_Flatten(ctx, space);
1433 }
1434
1435 SHA384Context *
1436 SHA384_Resurrect(unsigned char *space, void *arg)
1437 {
1438 return SHA512_Resurrect(space, arg);
1439 }
1440
1441 void SHA384_Clone(SHA384Context *dest, SHA384Context *src)
1442 {
1443 memcpy(dest, src, sizeof *dest);
1444 }
1445
1446 /* ======================================================================= */
1447 #ifdef SELFTEST
1448 #include <stdio.h>
1449
1450 static const char abc[] = { "abc" };
1451 static const char abcdbc[] = {
1452 "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
1453 };
1454 static const char abcdef[] = {
1455 "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
1456 "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
1457 };
1458
1459 void
1460 dumpHash32(const unsigned char *buf, unsigned int bufLen)
1461 {
1462 unsigned int i;
1463 for (i = 0; i < bufLen; i += 4) {
1464 printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]);
1465 }
1466 printf("\n");
1467 }
1468
1469 void test256(void)
1470 {
1471 unsigned char outBuf[SHA256_LENGTH];
1472
1473 printf("SHA256, input = %s\n", abc);
1474 SHA256_Hash(outBuf, abc);
1475 dumpHash32(outBuf, sizeof outBuf);
1476
1477 printf("SHA256, input = %s\n", abcdbc);
1478 SHA256_Hash(outBuf, abcdbc);
1479 dumpHash32(outBuf, sizeof outBuf);
1480 }
1481
1482 void test224(void)
1483 {
1484 SHA224Context ctx;
1485 unsigned char a1000times[1000];
1486 unsigned int outLen;
1487 unsigned char outBuf[SHA224_LENGTH];
1488 int i;
1489
1490 /* Test Vector 1 */
1491 printf("SHA224, input = %s\n", abc);
1492 SHA224_Hash(outBuf, abc);
1493 dumpHash32(outBuf, sizeof outBuf);
1494
1495 /* Test Vector 2 */
1496 printf("SHA224, input = %s\n", abcdbc);
1497 SHA224_Hash(outBuf, abcdbc);
1498 dumpHash32(outBuf, sizeof outBuf);
1499
1500 /* Test Vector 3 */
1501
1502 /* to hash one million 'a's perform 1000
1503 * sha224 updates on a buffer with 1000 'a's
1504 */
1505 memset(a1000times, 'a', 1000);
1506 printf("SHA224, input = %s\n", "a one million times");
1507 SHA224_Begin(&ctx);
1508 for (i = 0; i < 1000; i++)
1509 SHA224_Update(&ctx, a1000times, 1000);
1510 SHA224_End(&ctx, outBuf, &outLen, SHA224_LENGTH);
1511 dumpHash32(outBuf, sizeof outBuf);
1512 }
1513
1514 void
1515 dumpHash64(const unsigned char *buf, unsigned int bufLen)
1516 {
1517 unsigned int i;
1518 for (i = 0; i < bufLen; i += 8) {
1519 if (i % 32 == 0)
1520 printf("\n");
1521 printf(" %02x%02x%02x%02x%02x%02x%02x%02x",
1522 buf[i ], buf[i+1], buf[i+2], buf[i+3],
1523 buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
1524 }
1525 printf("\n");
1526 }
1527
1528 void test512(void)
1529 {
1530 unsigned char outBuf[SHA512_LENGTH];
1531
1532 printf("SHA512, input = %s\n", abc);
1533 SHA512_Hash(outBuf, abc);
1534 dumpHash64(outBuf, sizeof outBuf);
1535
1536 printf("SHA512, input = %s\n", abcdef);
1537 SHA512_Hash(outBuf, abcdef);
1538 dumpHash64(outBuf, sizeof outBuf);
1539 }
1540
1541 void time512(void)
1542 {
1543 unsigned char outBuf[SHA512_LENGTH];
1544
1545 SHA512_Hash(outBuf, abc);
1546 SHA512_Hash(outBuf, abcdef);
1547 }
1548
1549 void test384(void)
1550 {
1551 unsigned char outBuf[SHA384_LENGTH];
1552
1553 printf("SHA384, input = %s\n", abc);
1554 SHA384_Hash(outBuf, abc);
1555 dumpHash64(outBuf, sizeof outBuf);
1556
1557 printf("SHA384, input = %s\n", abcdef);
1558 SHA384_Hash(outBuf, abcdef);
1559 dumpHash64(outBuf, sizeof outBuf);
1560 }
1561
1562 int main (int argc, char *argv[], char *envp[])
1563 {
1564 int i = 1;
1565 if (argc > 1) {
1566 i = atoi(argv[1]);
1567 }
1568 if (i < 2) {
1569 test224();
1570 test256();
1571 test384();
1572 test512();
1573 } else {
1574 while (i-- > 0) {
1575 time512();
1576 }
1577 printf("done\n");
1578 }
1579 return 0;
1580 }
1581
1582 void *PORT_Alloc(size_t len) { return malloc(len); }
1583 void PORT_Free(void *ptr) { free(ptr); }
1584 void PORT_ZFree(void *ptr, size_t len) { memset(ptr, 0, len); free(ptr); }
1585 #endif
OLDNEW
« no previous file with comments | « nss/lib/freebl/sha256.h ('k') | nss/lib/freebl/sha_fast.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698