sha512.c source code [glibc/crypt/sha512.c]

1	/ Functions to compute SHA512 message digest of files or memory blocks.*
2	according to the definition of SHA512 in FIPS 180-2.
3	Copyright (C) 2007-2022 Free Software Foundation, Inc.
4	This file is part of the GNU C Library.
5
6	The GNU C Library is free software; you can redistribute it and/or
7	modify it under the terms of the GNU Lesser General Public
8	License as published by the Free Software Foundation; either
9	version 2.1 of the License, or (at your option) any later version.
10
11	The GNU C Library is distributed in the hope that it will be useful,
12	but WITHOUT ANY WARRANTY; without even the implied warranty of
13	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14	Lesser General Public License for more details.
15
16	You should have received a copy of the GNU Lesser General Public
17	License along with the GNU C Library; if not, see
18	<https://www.gnu.org/licenses/>. /*
19
20
21	#ifdef HAVE_CONFIG_H
22	# include <config.h>
23	#endif
24
25	#include <endian.h>
26	#include <stdlib.h>
27	#include <string.h>
28	#include <stdint.h>
29	#include <sys/types.h>
30
31	#include "sha512.h"
32
33	#if __BYTE_ORDER == __LITTLE_ENDIAN
34	# ifdef _LIBC
35	# include <byteswap.h>
36	# define SWAP(n) bswap_64 (n)
37	# else
38	# define SWAP(n) \
39	(((n) << 56) \
40	\| (((n) & 0xff00) << 40) \
41	\| (((n) & 0xff0000) << 24) \
42	\| (((n) & 0xff000000) << 8) \
43	\| (((n) >> 8) & 0xff000000) \
44	\| (((n) >> 24) & 0xff0000) \
45	\| (((n) >> 40) & 0xff00) \
46	\| ((n) >> 56))
47	# endif
48	#else
49	# define SWAP(n) (n)
50	#endif
51
52
53	/ This array contains the bytes used to pad the buffer to the next*
54	64-byte boundary. (FIPS 180-2:5.1.2) /*
55	static const unsigned char fillbuf[`128`] = { `0x80`, `0` / , 0, 0, ... / };
56
57
58	/ Constants for SHA512 from FIPS 180-2:4.2.3. /
59	static const uint64_t K[`80`] =
60	{
61	UINT64_C (`0x428a2f98d728ae22`), UINT64_C (`0x7137449123ef65cd`),
62	UINT64_C (`0xb5c0fbcfec4d3b2f`), UINT64_C (`0xe9b5dba58189dbbc`),
63	UINT64_C (`0x3956c25bf348b538`), UINT64_C (`0x59f111f1b605d019`),
64	UINT64_C (`0x923f82a4af194f9b`), UINT64_C (`0xab1c5ed5da6d8118`),
65	UINT64_C (`0xd807aa98a3030242`), UINT64_C (`0x12835b0145706fbe`),
66	UINT64_C (`0x243185be4ee4b28c`), UINT64_C (`0x550c7dc3d5ffb4e2`),
67	UINT64_C (`0x72be5d74f27b896f`), UINT64_C (`0x80deb1fe3b1696b1`),
68	UINT64_C (`0x9bdc06a725c71235`), UINT64_C (`0xc19bf174cf692694`),
69	UINT64_C (`0xe49b69c19ef14ad2`), UINT64_C (`0xefbe4786384f25e3`),
70	UINT64_C (`0x0fc19dc68b8cd5b5`), UINT64_C (`0x240ca1cc77ac9c65`),
71	UINT64_C (`0x2de92c6f592b0275`), UINT64_C (`0x4a7484aa6ea6e483`),
72	UINT64_C (`0x5cb0a9dcbd41fbd4`), UINT64_C (`0x76f988da831153b5`),
73	UINT64_C (`0x983e5152ee66dfab`), UINT64_C (`0xa831c66d2db43210`),
74	UINT64_C (`0xb00327c898fb213f`), UINT64_C (`0xbf597fc7beef0ee4`),
75	UINT64_C (`0xc6e00bf33da88fc2`), UINT64_C (`0xd5a79147930aa725`),
76	UINT64_C (`0x06ca6351e003826f`), UINT64_C (`0x142929670a0e6e70`),
77	UINT64_C (`0x27b70a8546d22ffc`), UINT64_C (`0x2e1b21385c26c926`),
78	UINT64_C (`0x4d2c6dfc5ac42aed`), UINT64_C (`0x53380d139d95b3df`),
79	UINT64_C (`0x650a73548baf63de`), UINT64_C (`0x766a0abb3c77b2a8`),
80	UINT64_C (`0x81c2c92e47edaee6`), UINT64_C (`0x92722c851482353b`),
81	UINT64_C (`0xa2bfe8a14cf10364`), UINT64_C (`0xa81a664bbc423001`),
82	UINT64_C (`0xc24b8b70d0f89791`), UINT64_C (`0xc76c51a30654be30`),
83	UINT64_C (`0xd192e819d6ef5218`), UINT64_C (`0xd69906245565a910`),
84	UINT64_C (`0xf40e35855771202a`), UINT64_C (`0x106aa07032bbd1b8`),
85	UINT64_C (`0x19a4c116b8d2d0c8`), UINT64_C (`0x1e376c085141ab53`),
86	UINT64_C (`0x2748774cdf8eeb99`), UINT64_C (`0x34b0bcb5e19b48a8`),
87	UINT64_C (`0x391c0cb3c5c95a63`), UINT64_C (`0x4ed8aa4ae3418acb`),
88	UINT64_C (`0x5b9cca4f7763e373`), UINT64_C (`0x682e6ff3d6b2b8a3`),
89	UINT64_C (`0x748f82ee5defb2fc`), UINT64_C (`0x78a5636f43172f60`),
90	UINT64_C (`0x84c87814a1f0ab72`), UINT64_C (`0x8cc702081a6439ec`),
91	UINT64_C (`0x90befffa23631e28`), UINT64_C (`0xa4506cebde82bde9`),
92	UINT64_C (`0xbef9a3f7b2c67915`), UINT64_C (`0xc67178f2e372532b`),
93	UINT64_C (`0xca273eceea26619c`), UINT64_C (`0xd186b8c721c0c207`),
94	UINT64_C (`0xeada7dd6cde0eb1e`), UINT64_C (`0xf57d4f7fee6ed178`),
95	UINT64_C (`0x06f067aa72176fba`), UINT64_C (`0x0a637dc5a2c898a6`),
96	UINT64_C (`0x113f9804bef90dae`), UINT64_C (`0x1b710b35131c471b`),
97	UINT64_C (`0x28db77f523047d84`), UINT64_C (`0x32caab7b40c72493`),
98	UINT64_C (`0x3c9ebe0a15c9bebc`), UINT64_C (`0x431d67c49c100d4c`),
99	UINT64_C (`0x4cc5d4becb3e42b6`), UINT64_C (`0x597f299cfc657e2a`),
100	UINT64_C (`0x5fcb6fab3ad6faec`), UINT64_C (`0x6c44198c4a475817`)
101	};
102
103	void __sha512_process_block (const void *buffer, size_t len,
104	struct sha512_ctx *ctx);
105
106	/ Initialize structure containing state of computation.*
107	(FIPS 180-2:5.3.3) /*
108	void
109	__sha512_init_ctx (struct sha512_ctx *ctx)
110	{
111	ctx->H[`0`] = UINT64_C (`0x6a09e667f3bcc908`);
112	ctx->H[`1`] = UINT64_C (`0xbb67ae8584caa73b`);
113	ctx->H[`2`] = UINT64_C (`0x3c6ef372fe94f82b`);
114	ctx->H[`3`] = UINT64_C (`0xa54ff53a5f1d36f1`);
115	ctx->H[`4`] = UINT64_C (`0x510e527fade682d1`);
116	ctx->H[`5`] = UINT64_C (`0x9b05688c2b3e6c1f`);
117	ctx->H[`6`] = UINT64_C (`0x1f83d9abfb41bd6b`);
118	ctx->H[`7`] = UINT64_C (`0x5be0cd19137e2179`);
119
120	ctx->total[`0`] = ctx->total[`1`] = `0`;
121	ctx->buflen = `0`;
122	}
123
124
125	/ Process the remaining bytes in the internal buffer and the usual*
126	prolog according to the standard and write the result to RESBUF.
127
128	IMPORTANT: On some systems it is required that RESBUF is correctly
129	aligned for a 32 bits value. /*
130	void *
131	__sha512_finish_ctx (struct sha512_ctx ctx, void* *resbuf)
132	{
133	/ Take yet unprocessed bytes into account. /
134	uint64_t bytes = ctx->buflen;
135	size_t pad;
136
137	/ Now count remaining bytes. /
138	#ifdef USE_TOTAL128
139	ctx->total128 += bytes;
140	#else
141	ctx->total[TOTAL128_low] += bytes;
142	if (ctx->total[TOTAL128_low] < bytes)
143	++ctx->total[TOTAL128_high];
144	#endif
145
146	pad = bytes >= `112` ? `128` + `112` - bytes : `112` - bytes;
147	memcpy (dest: &ctx->buffer[bytes], src: fillbuf, n: pad);
148
149	/ Put the 128-bit file length in bits at the end of the buffer. /
150	ctx->buffer64[(bytes + pad + `8`) / `8`] = SWAP (ctx->total[TOTAL128_low] << `3`);
151	ctx->buffer64[(bytes + pad) / `8`] = SWAP ((ctx->total[TOTAL128_high] << `3`)
152	\| (ctx->total[TOTAL128_low] >> `61`));
153
154	/ Process last bytes. /
155	__sha512_process_block (buffer: ctx->buffer, len: bytes + pad + `16`, ctx);
156
157	/ Put result from CTX in first 64 bytes following RESBUF. /
158	for (unsigned int i = `0`; i < `8`; ++i)
159	((uint64_t *) resbuf)[i] = SWAP (ctx->H[i]);
160
161	return resbuf;
162	}
163
164
165	void
166	__sha512_process_bytes (const void buffer, size_t len, struct* sha512_ctx *ctx)
167	{
168	/ When we already have some bits in our internal buffer concatenate*
169	both inputs first. /*
170	if (ctx->buflen != `0`)
171	{
172	size_t left_over = ctx->buflen;
173	size_t add = `256` - left_over > len ? len : `256` - left_over;
174
175	memcpy (dest: &ctx->buffer[left_over], src: buffer, n: add);
176	ctx->buflen += add;
177
178	if (ctx->buflen > `128`)
179	{
180	__sha512_process_block (buffer: ctx->buffer, len: ctx->buflen & ~`127`, ctx);
181
182	ctx->buflen &= `127`;
183	/ The regions in the following copy operation cannot overlap. /
184	memcpy (dest: ctx->buffer, src: &ctx->buffer[(left_over + add) & ~`127`],
185	n: ctx->buflen);
186	}
187
188	buffer = (const char *) buffer + add;
189	len -= add;
190	}
191
192	/ Process available complete blocks. /
193	if (len >= `128`)
194	{
195	#if !_STRING_ARCH_unaligned
196	/ To check alignment gcc has an appropriate operator. Other*
197	compilers don't. /*
198	# if __GNUC__ >= 2
199	# define UNALIGNED_P(p) (((uintptr_t) p) % __alignof__ (uint64_t) != 0)
200	# else
201	# define UNALIGNED_P(p) (((uintptr_t) p) % sizeof (uint64_t) != 0)
202	# endif
203	if (UNALIGNED_P (buffer))
204	while (len > `128`)
205	{
206	__sha512_process_block (memcpy (ctx->buffer, buffer, `128`), `128`,
207	ctx);
208	buffer = (const char *) buffer + `128`;
209	len -= `128`;
210	}
211	else
212	#endif
213	{
214	__sha512_process_block (buffer, len: len & ~`127`, ctx);
215	buffer = (const char *) buffer + (len & ~`127`);
216	len &= `127`;
217	}
218	}
219
220	/ Move remaining bytes into internal buffer. /
221	if (len > `0`)
222	{
223	size_t left_over = ctx->buflen;
224
225	memcpy (dest: &ctx->buffer[left_over], src: buffer, n: len);
226	left_over += len;
227	if (left_over >= `128`)
228	{
229	__sha512_process_block (buffer: ctx->buffer, len: `128`, ctx);
230	left_over -= `128`;
231	memcpy (dest: ctx->buffer, src: &ctx->buffer[`128`], n: left_over);
232	}
233	ctx->buflen = left_over;
234	}
235	}
236
237	#include <sha512-block.c>
238

source code of glibc/crypt/sha512.c