Mercurial > dropbear

comparison libtomcrypt/src/hashes/sha2/sha512.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 #include "tomcrypt.h" 9 #include "tomcrypt.h"
12 10
13 /** 11 /**
14 @param sha512.c 12 @param sha512.c
15 LTC_SHA512 by Tom St Denis 13 LTC_SHA512 by Tom St Denis
16 */ 14 */
17 15
18 #ifdef LTC_SHA512 16 #ifdef LTC_SHA512
19 17
20 const struct ltc_hash_descriptor sha512_desc = 18 const struct ltc_hash_descriptor sha512_desc =
35 NULL 33 NULL
36 }; 34 };
37 35
38 /* the K array */ 36 /* the K array */
39 static const ulong64 K[80] = { 37 static const ulong64 K[80] = {
40 CONST64(0x428a2f98d728ae22), CONST64(0x7137449123ef65cd), 38 CONST64(0x428a2f98d728ae22), CONST64(0x7137449123ef65cd),
41 CONST64(0xb5c0fbcfec4d3b2f), CONST64(0xe9b5dba58189dbbc), 39 CONST64(0xb5c0fbcfec4d3b2f), CONST64(0xe9b5dba58189dbbc),
42 CONST64(0x3956c25bf348b538), CONST64(0x59f111f1b605d019), 40 CONST64(0x3956c25bf348b538), CONST64(0x59f111f1b605d019),
43 CONST64(0x923f82a4af194f9b), CONST64(0xab1c5ed5da6d8118), 41 CONST64(0x923f82a4af194f9b), CONST64(0xab1c5ed5da6d8118),
44 CONST64(0xd807aa98a3030242), CONST64(0x12835b0145706fbe), 42 CONST64(0xd807aa98a3030242), CONST64(0x12835b0145706fbe),
45 CONST64(0x243185be4ee4b28c), CONST64(0x550c7dc3d5ffb4e2), 43 CONST64(0x243185be4ee4b28c), CONST64(0x550c7dc3d5ffb4e2),
46 CONST64(0x72be5d74f27b896f), CONST64(0x80deb1fe3b1696b1), 44 CONST64(0x72be5d74f27b896f), CONST64(0x80deb1fe3b1696b1),
47 CONST64(0x9bdc06a725c71235), CONST64(0xc19bf174cf692694), 45 CONST64(0x9bdc06a725c71235), CONST64(0xc19bf174cf692694),
48 CONST64(0xe49b69c19ef14ad2), CONST64(0xefbe4786384f25e3), 46 CONST64(0xe49b69c19ef14ad2), CONST64(0xefbe4786384f25e3),
49 CONST64(0x0fc19dc68b8cd5b5), CONST64(0x240ca1cc77ac9c65), 47 CONST64(0x0fc19dc68b8cd5b5), CONST64(0x240ca1cc77ac9c65),
50 CONST64(0x2de92c6f592b0275), CONST64(0x4a7484aa6ea6e483), 48 CONST64(0x2de92c6f592b0275), CONST64(0x4a7484aa6ea6e483),
51 CONST64(0x5cb0a9dcbd41fbd4), CONST64(0x76f988da831153b5), 49 CONST64(0x5cb0a9dcbd41fbd4), CONST64(0x76f988da831153b5),
52 CONST64(0x983e5152ee66dfab), CONST64(0xa831c66d2db43210), 50 CONST64(0x983e5152ee66dfab), CONST64(0xa831c66d2db43210),
53 CONST64(0xb00327c898fb213f), CONST64(0xbf597fc7beef0ee4), 51 CONST64(0xb00327c898fb213f), CONST64(0xbf597fc7beef0ee4),
54 CONST64(0xc6e00bf33da88fc2), CONST64(0xd5a79147930aa725), 52 CONST64(0xc6e00bf33da88fc2), CONST64(0xd5a79147930aa725),
55 CONST64(0x06ca6351e003826f), CONST64(0x142929670a0e6e70), 53 CONST64(0x06ca6351e003826f), CONST64(0x142929670a0e6e70),
56 CONST64(0x27b70a8546d22ffc), CONST64(0x2e1b21385c26c926), 54 CONST64(0x27b70a8546d22ffc), CONST64(0x2e1b21385c26c926),
57 CONST64(0x4d2c6dfc5ac42aed), CONST64(0x53380d139d95b3df), 55 CONST64(0x4d2c6dfc5ac42aed), CONST64(0x53380d139d95b3df),
58 CONST64(0x650a73548baf63de), CONST64(0x766a0abb3c77b2a8), 56 CONST64(0x650a73548baf63de), CONST64(0x766a0abb3c77b2a8),
59 CONST64(0x81c2c92e47edaee6), CONST64(0x92722c851482353b), 57 CONST64(0x81c2c92e47edaee6), CONST64(0x92722c851482353b),
60 CONST64(0xa2bfe8a14cf10364), CONST64(0xa81a664bbc423001), 58 CONST64(0xa2bfe8a14cf10364), CONST64(0xa81a664bbc423001),
61 CONST64(0xc24b8b70d0f89791), CONST64(0xc76c51a30654be30), 59 CONST64(0xc24b8b70d0f89791), CONST64(0xc76c51a30654be30),
62 CONST64(0xd192e819d6ef5218), CONST64(0xd69906245565a910), 60 CONST64(0xd192e819d6ef5218), CONST64(0xd69906245565a910),
63 CONST64(0xf40e35855771202a), CONST64(0x106aa07032bbd1b8), 61 CONST64(0xf40e35855771202a), CONST64(0x106aa07032bbd1b8),
64 CONST64(0x19a4c116b8d2d0c8), CONST64(0x1e376c085141ab53), 62 CONST64(0x19a4c116b8d2d0c8), CONST64(0x1e376c085141ab53),
65 CONST64(0x2748774cdf8eeb99), CONST64(0x34b0bcb5e19b48a8), 63 CONST64(0x2748774cdf8eeb99), CONST64(0x34b0bcb5e19b48a8),
66 CONST64(0x391c0cb3c5c95a63), CONST64(0x4ed8aa4ae3418acb), 64 CONST64(0x391c0cb3c5c95a63), CONST64(0x4ed8aa4ae3418acb),
67 CONST64(0x5b9cca4f7763e373), CONST64(0x682e6ff3d6b2b8a3), 65 CONST64(0x5b9cca4f7763e373), CONST64(0x682e6ff3d6b2b8a3),
68 CONST64(0x748f82ee5defb2fc), CONST64(0x78a5636f43172f60), 66 CONST64(0x748f82ee5defb2fc), CONST64(0x78a5636f43172f60),
69 CONST64(0x84c87814a1f0ab72), CONST64(0x8cc702081a6439ec), 67 CONST64(0x84c87814a1f0ab72), CONST64(0x8cc702081a6439ec),
70 CONST64(0x90befffa23631e28), CONST64(0xa4506cebde82bde9), 68 CONST64(0x90befffa23631e28), CONST64(0xa4506cebde82bde9),
71 CONST64(0xbef9a3f7b2c67915), CONST64(0xc67178f2e372532b), 69 CONST64(0xbef9a3f7b2c67915), CONST64(0xc67178f2e372532b),
72 CONST64(0xca273eceea26619c), CONST64(0xd186b8c721c0c207), 70 CONST64(0xca273eceea26619c), CONST64(0xd186b8c721c0c207),
73 CONST64(0xeada7dd6cde0eb1e), CONST64(0xf57d4f7fee6ed178), 71 CONST64(0xeada7dd6cde0eb1e), CONST64(0xf57d4f7fee6ed178),
74 CONST64(0x06f067aa72176fba), CONST64(0x0a637dc5a2c898a6), 72 CONST64(0x06f067aa72176fba), CONST64(0x0a637dc5a2c898a6),
75 CONST64(0x113f9804bef90dae), CONST64(0x1b710b35131c471b), 73 CONST64(0x113f9804bef90dae), CONST64(0x1b710b35131c471b),
76 CONST64(0x28db77f523047d84), CONST64(0x32caab7b40c72493), 74 CONST64(0x28db77f523047d84), CONST64(0x32caab7b40c72493),
77 CONST64(0x3c9ebe0a15c9bebc), CONST64(0x431d67c49c100d4c), 75 CONST64(0x3c9ebe0a15c9bebc), CONST64(0x431d67c49c100d4c),
78 CONST64(0x4cc5d4becb3e42b6), CONST64(0x597f299cfc657e2a), 76 CONST64(0x4cc5d4becb3e42b6), CONST64(0x597f299cfc657e2a),
79 CONST64(0x5fcb6fab3ad6faec), CONST64(0x6c44198c4a475817) 77 CONST64(0x5fcb6fab3ad6faec), CONST64(0x6c44198c4a475817)
80 }; 78 };
81 79
82 /* Various logical functions */ 80 /* Various logical functions */
83 #define Ch(x,y,z) (z ^ (x & (y ^ z))) 81 #define Ch(x,y,z) (z ^ (x & (y ^ z)))
84 #define Maj(x,y,z) (((x | y) & z) | (x & y)) 82 #define Maj(x,y,z) (((x | y) & z) | (x & y))
85 #define S(x, n) ROR64c(x, n) 83 #define S(x, n) ROR64c(x, n)
86 #define R(x, n) (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n)) 84 #define R(x, n) (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
87 #define Sigma0(x) (S(x, 28) ^ S(x, 34) ^ S(x, 39)) 85 #define Sigma0(x) (S(x, 28) ^ S(x, 34) ^ S(x, 39))
88 #define Sigma1(x) (S(x, 14) ^ S(x, 18) ^ S(x, 41)) 86 #define Sigma1(x) (S(x, 14) ^ S(x, 18) ^ S(x, 41))
89 #define Gamma0(x) (S(x, 1) ^ S(x, 8) ^ R(x, 7)) 87 #define Gamma0(x) (S(x, 1) ^ S(x, 8) ^ R(x, 7))
110 } 108 }
111 109
112 /* fill W[16..79] */ 110 /* fill W[16..79] */
113 for (i = 16; i < 80; i++) { 111 for (i = 16; i < 80; i++) {
114 W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; 112 W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
115 } 113 }
116 114
117 /* Compress */ 115 /* Compress */
118 #ifdef LTC_SMALL_CODE 116 #ifdef LTC_SMALL_CODE
119 for (i = 0; i < 80; i++) { 117 for (i = 0; i < 80; i++) {
120 t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i]; 118 t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
133 t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ 131 t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
134 t1 = Sigma0(a) + Maj(a, b, c); \ 132 t1 = Sigma0(a) + Maj(a, b, c); \
135 d += t0; \ 133 d += t0; \
136 h = t0 + t1; 134 h = t0 + t1;
137 135
138 for (i = 0; i < 80; i += 8) { 136 for (i = 0; i < 80; i += 8) {
139 RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0); 137 RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
140 RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1); 138 RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
141 RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2); 139 RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
142 RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3); 140 RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
143 RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4); 141 RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
144 RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5); 142 RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
145 RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6); 143 RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
146 RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7); 144 RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
147 } 145 }
148 #endif 146 #endif
149 147
150 148
151 /* feedback */ 149 /* feedback */
152 for (i = 0; i < 8; i++) { 150 for (i = 0; i < 8; i++) {
153 md->sha512.state[i] = md->sha512.state[i] + S[i]; 151 md->sha512.state[i] = md->sha512.state[i] + S[i];
230 } 228 }
231 sha512_compress(md, md->sha512.buf); 229 sha512_compress(md, md->sha512.buf);
232 md->sha512.curlen = 0; 230 md->sha512.curlen = 0;
233 } 231 }
234 232
235 /* pad upto 120 bytes of zeroes 233 /* pad upto 120 bytes of zeroes
236 * note: that from 112 to 120 is the 64 MSB of the length. We assume that you won't hash 234 * note: that from 112 to 120 is the 64 MSB of the length. We assume that you won't hash
237 * > 2^64 bits of data... :-) 235 * > 2^64 bits of data... :-)
238 */ 236 */
239 while (md->sha512.curlen < 120) { 237 while (md->sha512.curlen < 120) {
240 md->sha512.buf[md->sha512.curlen++] = (unsigned char)0; 238 md->sha512.buf[md->sha512.curlen++] = (unsigned char)0;
255 } 253 }
256 254
257 /** 255 /**
258 Self-test the hash 256 Self-test the hash
259 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled 257 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
260 */ 258 */
261 int sha512_test(void) 259 int sha512_test(void)
262 { 260 {
263 #ifndef LTC_TEST 261 #ifndef LTC_TEST
264 return CRYPT_NOP; 262 return CRYPT_NOP;
265 #else 263 #else
266 static const struct { 264 static const struct {
267 char *msg; 265 const char *msg;
268 unsigned char hash[64]; 266 unsigned char hash[64];
269 } tests[] = { 267 } tests[] = {
270 { "abc", 268 { "abc",
271 { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, 269 { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
272 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, 270 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
295 293
296 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { 294 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
297 sha512_init(&md); 295 sha512_init(&md);
298 sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg)); 296 sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
299 sha512_done(&md, tmp); 297 sha512_done(&md, tmp);
300 if (XMEMCMP(tmp, tests[i].hash, 64) != 0) { 298 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512", i)) {
301 return CRYPT_FAIL_TESTVECTOR; 299 return CRYPT_FAIL_TESTVECTOR;
302 } 300 }
303 } 301 }
304 return CRYPT_OK; 302 return CRYPT_OK;
305 #endif 303 #endif
306 } 304 }
307 305
308 #ifdef LTC_SHA384 306 #endif
309 #include "sha384.c" 307
310 #endif 308
311 309
312 #endif 310
313 311 /* ref: $Format:%D$ */
314 312 /* git commit: $Format:%H$ */
315 313 /* commit time: $Format:%ai$ */
316
317 /* $Source$ */
318 /* $Revision$ */
319 /* $Date$ */