Mercurial > dropbear

comparison sha512.c @ 20:b939f2d4431e libtomcrypt

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Include files accidentally zeroed when merging 0.96 release
author Matt Johnston <matt@ucc.asn.au>
date Tue, 15 Jun 2004 16:47:55 +0000
parents 09ab3354aa21
children 7ed585a2c53b
comparison
equal deleted inserted replaced
18:712dd6dfb0eb 20:b939f2d4431e
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtomcrypt.org
10 */
11
12 /* SHA512 by Tom St Denis */
13
14 #include "mycrypt.h"
15
16 #ifdef SHA512
17
18 const struct _hash_descriptor sha512_desc =
19 {
20 "sha512",
21 5,
22 64,
23 128,
24
25 /* DER identifier */
26 { 0x30, 0x51, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86,
27 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
28 0x00, 0x04, 0x40 },
29 19,
30
31 &sha512_init,
32 &sha512_process,
33 &sha512_done,
34 &sha512_test
35 };
36
37 /* the K array */
38 static const ulong64 K[80] = {
39 CONST64(0x428a2f98d728ae22), CONST64(0x7137449123ef65cd),
40 CONST64(0xb5c0fbcfec4d3b2f), CONST64(0xe9b5dba58189dbbc),
41 CONST64(0x3956c25bf348b538), CONST64(0x59f111f1b605d019),
42 CONST64(0x923f82a4af194f9b), CONST64(0xab1c5ed5da6d8118),
43 CONST64(0xd807aa98a3030242), CONST64(0x12835b0145706fbe),
44 CONST64(0x243185be4ee4b28c), CONST64(0x550c7dc3d5ffb4e2),
45 CONST64(0x72be5d74f27b896f), CONST64(0x80deb1fe3b1696b1),
46 CONST64(0x9bdc06a725c71235), CONST64(0xc19bf174cf692694),
47 CONST64(0xe49b69c19ef14ad2), CONST64(0xefbe4786384f25e3),
48 CONST64(0x0fc19dc68b8cd5b5), CONST64(0x240ca1cc77ac9c65),
49 CONST64(0x2de92c6f592b0275), CONST64(0x4a7484aa6ea6e483),
50 CONST64(0x5cb0a9dcbd41fbd4), CONST64(0x76f988da831153b5),
51 CONST64(0x983e5152ee66dfab), CONST64(0xa831c66d2db43210),
52 CONST64(0xb00327c898fb213f), CONST64(0xbf597fc7beef0ee4),
53 CONST64(0xc6e00bf33da88fc2), CONST64(0xd5a79147930aa725),
54 CONST64(0x06ca6351e003826f), CONST64(0x142929670a0e6e70),
55 CONST64(0x27b70a8546d22ffc), CONST64(0x2e1b21385c26c926),
56 CONST64(0x4d2c6dfc5ac42aed), CONST64(0x53380d139d95b3df),
57 CONST64(0x650a73548baf63de), CONST64(0x766a0abb3c77b2a8),
58 CONST64(0x81c2c92e47edaee6), CONST64(0x92722c851482353b),
59 CONST64(0xa2bfe8a14cf10364), CONST64(0xa81a664bbc423001),
60 CONST64(0xc24b8b70d0f89791), CONST64(0xc76c51a30654be30),
61 CONST64(0xd192e819d6ef5218), CONST64(0xd69906245565a910),
62 CONST64(0xf40e35855771202a), CONST64(0x106aa07032bbd1b8),
63 CONST64(0x19a4c116b8d2d0c8), CONST64(0x1e376c085141ab53),
64 CONST64(0x2748774cdf8eeb99), CONST64(0x34b0bcb5e19b48a8),
65 CONST64(0x391c0cb3c5c95a63), CONST64(0x4ed8aa4ae3418acb),
66 CONST64(0x5b9cca4f7763e373), CONST64(0x682e6ff3d6b2b8a3),
67 CONST64(0x748f82ee5defb2fc), CONST64(0x78a5636f43172f60),
68 CONST64(0x84c87814a1f0ab72), CONST64(0x8cc702081a6439ec),
69 CONST64(0x90befffa23631e28), CONST64(0xa4506cebde82bde9),
70 CONST64(0xbef9a3f7b2c67915), CONST64(0xc67178f2e372532b),
71 CONST64(0xca273eceea26619c), CONST64(0xd186b8c721c0c207),
72 CONST64(0xeada7dd6cde0eb1e), CONST64(0xf57d4f7fee6ed178),
73 CONST64(0x06f067aa72176fba), CONST64(0x0a637dc5a2c898a6),
74 CONST64(0x113f9804bef90dae), CONST64(0x1b710b35131c471b),
75 CONST64(0x28db77f523047d84), CONST64(0x32caab7b40c72493),
76 CONST64(0x3c9ebe0a15c9bebc), CONST64(0x431d67c49c100d4c),
77 CONST64(0x4cc5d4becb3e42b6), CONST64(0x597f299cfc657e2a),
78 CONST64(0x5fcb6fab3ad6faec), CONST64(0x6c44198c4a475817)
79 };
80
81 /* Various logical functions */
82 #define Ch(x,y,z) (z ^ (x & (y ^ z)))
83 #define Maj(x,y,z) (((x | y) & z) | (x & y))
84 #define S(x, n) ROR64((x),(n))
85 #define R(x, n) (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n))
86 #define Sigma0(x) (S(x, 28) ^ S(x, 34) ^ S(x, 39))
87 #define Sigma1(x) (S(x, 14) ^ S(x, 18) ^ S(x, 41))
88 #define Gamma0(x) (S(x, 1) ^ S(x, 8) ^ R(x, 7))
89 #define Gamma1(x) (S(x, 19) ^ S(x, 61) ^ R(x, 6))
90
91 /* compress 1024-bits */
92 #ifdef CLEAN_STACK
93 static void _sha512_compress(hash_state * md, unsigned char *buf)
94 #else
95 static void sha512_compress(hash_state * md, unsigned char *buf)
96 #endif
97 {
98 ulong64 S[8], W[80], t0, t1;
99 int i;
100
101 /* copy state into S */
102 for (i = 0; i < 8; i++) {
103 S[i] = md->sha512.state[i];
104 }
105
106 /* copy the state into 1024-bits into W[0..15] */
107 for (i = 0; i < 16; i++) {
108 LOAD64H(W[i], buf + (8*i));
109 }
110
111 /* fill W[16..79] */
112 for (i = 16; i < 80; i++) {
113 W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
114 }
115
116 /* Compress */
117 #ifdef SMALL_CODE
118 for (i = 0; i < 80; i++) {
119 t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i];
120 t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]);
121 S[7] = S[6];
122 S[6] = S[5];
123 S[5] = S[4];
124 S[4] = S[3] + t0;
125 S[3] = S[2];
126 S[2] = S[1];
127 S[1] = S[0];
128 S[0] = t0 + t1;
129 }
130 #else
131 #define RND(a,b,c,d,e,f,g,h,i) \
132 t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
133 t1 = Sigma0(a) + Maj(a, b, c); \
134 d += t0; \
135 h = t0 + t1;
136
137 for (i = 0; i < 80; i += 8) {
138 RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0);
139 RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1);
140 RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2);
141 RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3);
142 RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4);
143 RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5);
144 RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6);
145 RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7);
146 }
147 #endif
148
149
150 /* feedback */
151 for (i = 0; i < 8; i++) {
152 md->sha512.state[i] = md->sha512.state[i] + S[i];
153 }
154 }
155
156 /* compress 1024-bits */
157 #ifdef CLEAN_STACK
158 static void sha512_compress(hash_state * md, unsigned char *buf)
159 {
160 _sha512_compress(md, buf);
161 burn_stack(sizeof(ulong64) * 90 + sizeof(int));
162 }
163 #endif
164
165 /* init the sha512 state */
166 void sha512_init(hash_state * md)
167 {
168 _ARGCHK(md != NULL);
169
170 md->sha512.curlen = 0;
171 md->sha512.length = 0;
172 md->sha512.state[0] = CONST64(0x6a09e667f3bcc908);
173 md->sha512.state[1] = CONST64(0xbb67ae8584caa73b);
174 md->sha512.state[2] = CONST64(0x3c6ef372fe94f82b);
175 md->sha512.state[3] = CONST64(0xa54ff53a5f1d36f1);
176 md->sha512.state[4] = CONST64(0x510e527fade682d1);
177 md->sha512.state[5] = CONST64(0x9b05688c2b3e6c1f);
178 md->sha512.state[6] = CONST64(0x1f83d9abfb41bd6b);
179 md->sha512.state[7] = CONST64(0x5be0cd19137e2179);
180 }
181
182 HASH_PROCESS(sha512_process, sha512_compress, sha512, 128)
183
184 int sha512_done(hash_state * md, unsigned char *hash)
185 {
186 int i;
187
188 _ARGCHK(md != NULL);
189 _ARGCHK(hash != NULL);
190
191 if (md->sha512.curlen >= sizeof(md->sha512.buf)) {
192 return CRYPT_INVALID_ARG;
193 }
194
195 /* increase the length of the message */
196 md->sha512.length += md->sha512.curlen * CONST64(8);
197
198 /* append the '1' bit */
199 md->sha512.buf[md->sha512.curlen++] = (unsigned char)0x80;
200
201 /* if the length is currently above 112 bytes we append zeros
202 * then compress. Then we can fall back to padding zeros and length
203 * encoding like normal.
204 */
205 if (md->sha512.curlen > 112) {
206 while (md->sha512.curlen < 128) {
207 md->sha512.buf[md->sha512.curlen++] = (unsigned char)0;
208 }
209 sha512_compress(md, md->sha512.buf);
210 md->sha512.curlen = 0;
211 }
212
213 /* pad upto 120 bytes of zeroes
214 * note: that from 112 to 120 is the 64 MSB of the length. We assume that you won't hash
215 * > 2^64 bits of data... :-)
216 */
217 while (md->sha512.curlen < 120) {
218 md->sha512.buf[md->sha512.curlen++] = (unsigned char)0;
219 }
220
221 /* store length */
222 STORE64H(md->sha512.length, md->sha512.buf+120);
223 sha512_compress(md, md->sha512.buf);
224
225 /* copy output */
226 for (i = 0; i < 8; i++) {
227 STORE64H(md->sha512.state[i], hash+(8*i));
228 }
229 #ifdef CLEAN_STACK
230 zeromem(md, sizeof(hash_state));
231 #endif
232 return CRYPT_OK;
233 }
234
235 int sha512_test(void)
236 {
237 #ifndef LTC_TEST
238 return CRYPT_NOP;
239 #else
240 static const struct {
241 char *msg;
242 unsigned char hash[64];
243 } tests[] = {
244 { "abc",
245 { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba,
246 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31,
247 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2,
248 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a,
249 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8,
250 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd,
251 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e,
252 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f }
253 },
254 { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
255 { 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda,
256 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f,
257 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1,
258 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18,
259 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4,
260 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a,
261 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54,
262 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 }
263 },
264 };
265
266 int i;
267 unsigned char tmp[64];
268 hash_state md;
269
270 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
271 sha512_init(&md);
272 sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
273 sha512_done(&md, tmp);
274 if (memcmp(tmp, tests[i].hash, 64) != 0) {
275 return CRYPT_FAIL_TESTVECTOR;
276 }
277 }
278 return CRYPT_OK;
279 #endif
280 }
281
282 #ifdef SHA384
283 #include "sha384.c"
284 #endif
285
286 #endif
287
288
289