Line data Source code
1 : /************************* sha384-512.c ************************/
2 : /***************** See RFC 6234 for details. *******************/
3 : /* Copyright (c) 2011 IETF Trust and the persons identified as */
4 : /* authors of the code. All rights reserved. */
5 : /* See sha.h for terms of use and redistribution. */
6 :
7 : /*
8 : * Description:
9 : * This file implements the Secure Hash Algorithms SHA-384 and
10 : * SHA-512 as defined in the U.S. National Institute of Standards
11 : * and Technology Federal Information Processing Standards
12 : * Publication (FIPS PUB) 180-3 published in October 2008
13 : * and formerly defined in its predecessors, FIPS PUB 180-1
14 : * and FIP PUB 180-2.
15 : *
16 : * A combined document showing all algorithms is available at
17 : * http://csrc.nist.gov/publications/fips/
18 : * fips180-3/fips180-3_final.pdf
19 : *
20 : * The SHA-384 and SHA-512 algorithms produce 384-bit and 512-bit
21 : * message digests for a given data stream. It should take about
22 : * 2**n steps to find a message with the same digest as a given
23 : * message and 2**(n/2) to find any two messages with the same
24 : * digest, when n is the digest size in bits. Therefore, this
25 : * algorithm can serve as a means of providing a
26 : * "fingerprint" for a message.
27 : *
28 : * Portability Issues:
29 : * SHA-384 and SHA-512 are defined in terms of 64-bit "words",
30 : * but if USE_32BIT_ONLY is #defined, this code is implemented in
31 : * terms of 32-bit "words". This code uses <stdint.h> (included
32 : * via "sha.h") to define the 64-, 32- and 8-bit unsigned integer
33 : * types. If your C compiler does not support 64-bit unsigned
34 : * integers and you do not #define USE_32BIT_ONLY, this code is
35 : * not appropriate.
36 : *
37 : * Caveats:
38 : * SHA-384 and SHA-512 are designed to work with messages less
39 : * than 2^128 bits long. This implementation uses SHA384/512Input()
40 : * to hash the bits that are a multiple of the size of an 8-bit
41 : * octet, and then optionally uses SHA384/256FinalBits()
42 : * to hash the final few bits of the input.
43 : *
44 : */
45 :
46 : #include "sha.h"
47 :
48 : #ifdef USE_32BIT_ONLY
49 : /*
50 : * Define 64-bit arithmetic in terms of 32-bit arithmetic.
51 : * Each 64-bit number is represented in a 2-word array.
52 : * All macros are defined such that the result is the last parameter.
53 : */
54 :
55 : /*
56 : * Define shift, rotate left, and rotate right functions
57 : */
58 : #define SHA512_SHR(bits, word, ret) ( \
59 : /* (((uint64_t)((word))) >> (bits)) */ \
60 : (ret)[0] = (((bits) < 32) && ((bits) >= 0)) ? \
61 : ((word)[0] >> (bits)) : 0, \
62 : (ret)[1] = ((bits) > 32) ? ((word)[0] >> ((bits) - 32)) : \
63 : ((bits) == 32) ? (word)[0] : \
64 : ((bits) >= 0) ? \
65 : (((word)[0] << (32 - (bits))) | \
66 : ((word)[1] >> (bits))) : 0 )
67 :
68 : #define SHA512_SHL(bits, word, ret) ( \
69 : /* (((uint64_t)(word)) << (bits)) */ \
70 : (ret)[0] = ((bits) > 32) ? ((word)[1] << ((bits) - 32)) : \
71 : ((bits) == 32) ? (word)[1] : \
72 : ((bits) >= 0) ? \
73 : (((word)[0] << (bits)) | \
74 : ((word)[1] >> (32 - (bits)))) : \
75 : 0, \
76 : (ret)[1] = (((bits) < 32) && ((bits) >= 0)) ? \
77 : ((word)[1] << (bits)) : 0 )
78 :
79 : /*
80 : * Define 64-bit OR
81 : */
82 : #define SHA512_OR(word1, word2, ret) ( \
83 : (ret)[0] = (word1)[0] | (word2)[0], \
84 : (ret)[1] = (word1)[1] | (word2)[1] )
85 :
86 : /*
87 : * Define 64-bit XOR
88 : */
89 : #define SHA512_XOR(word1, word2, ret) ( \
90 : (ret)[0] = (word1)[0] ^ (word2)[0], \
91 : (ret)[1] = (word1)[1] ^ (word2)[1] )
92 :
93 : /*
94 : * Define 64-bit AND
95 : */
96 : #define SHA512_AND(word1, word2, ret) ( \
97 : (ret)[0] = (word1)[0] & (word2)[0], \
98 : (ret)[1] = (word1)[1] & (word2)[1] )
99 :
100 : /*
101 : * Define 64-bit TILDA
102 : */
103 : #define SHA512_TILDA(word, ret) \
104 : ( (ret)[0] = ~(word)[0], (ret)[1] = ~(word)[1] )
105 :
106 : /*
107 : * Define 64-bit ADD
108 : */
109 : #define SHA512_ADD(word1, word2, ret) ( \
110 : (ret)[1] = (word1)[1], (ret)[1] += (word2)[1], \
111 : (ret)[0] = (word1)[0] + (word2)[0] + ((ret)[1] < (word1)[1]) )
112 :
113 : /*
114 : * Add the 4word value in word2 to word1.
115 : */
116 : #define SHA512_ADDTO4(word1, word2) ( \
117 : ADDTO4_temp = (word1)[3], \
118 : (word1)[3] += (word2)[3], \
119 : ADDTO4_temp2 = (word1)[2], \
120 : (word1)[2] += (word2)[2] + ((word1)[3] < ADDTO4_temp), \
121 : ADDTO4_temp = (word1)[1], \
122 : (word1)[1] += (word2)[1] + ((word1)[2] < ADDTO4_temp2), \
123 : (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO4_temp) )
124 :
125 : /*
126 : * Add the 2word value in word2 to word1.
127 : */
128 : #define SHA512_ADDTO2(word1, word2) ( \
129 : ADDTO2_temp = (word1)[1], \
130 : (word1)[1] += (word2)[1], \
131 : (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO2_temp) )
132 :
133 : /*
134 : * SHA rotate ((word >> bits) | (word << (64-bits)))
135 : */
136 : #define SHA512_ROTR(bits, word, ret) ( \
137 : SHA512_SHR((bits), (word), ROTR_temp1), \
138 : SHA512_SHL(64-(bits), (word), ROTR_temp2), \
139 : SHA512_OR(ROTR_temp1, ROTR_temp2, (ret)) )
140 :
141 : /*
142 : * Define the SHA SIGMA and sigma macros
143 : *
144 : * SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word)
145 : */
146 : #define SHA512_SIGMA0(word, ret) ( \
147 : SHA512_ROTR(28, (word), SIGMA0_temp1), \
148 : SHA512_ROTR(34, (word), SIGMA0_temp2), \
149 : SHA512_ROTR(39, (word), SIGMA0_temp3), \
150 : SHA512_XOR(SIGMA0_temp2, SIGMA0_temp3, SIGMA0_temp4), \
151 : SHA512_XOR(SIGMA0_temp1, SIGMA0_temp4, (ret)) )
152 :
153 : /*
154 : * SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word)
155 : */
156 : #define SHA512_SIGMA1(word, ret) ( \
157 : SHA512_ROTR(14, (word), SIGMA1_temp1), \
158 : SHA512_ROTR(18, (word), SIGMA1_temp2), \
159 : SHA512_ROTR(41, (word), SIGMA1_temp3), \
160 : SHA512_XOR(SIGMA1_temp2, SIGMA1_temp3, SIGMA1_temp4), \
161 : SHA512_XOR(SIGMA1_temp1, SIGMA1_temp4, (ret)) )
162 :
163 : /*
164 : * (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word))
165 : */
166 : #define SHA512_sigma0(word, ret) ( \
167 : SHA512_ROTR( 1, (word), sigma0_temp1), \
168 : SHA512_ROTR( 8, (word), sigma0_temp2), \
169 : SHA512_SHR( 7, (word), sigma0_temp3), \
170 : SHA512_XOR(sigma0_temp2, sigma0_temp3, sigma0_temp4), \
171 : SHA512_XOR(sigma0_temp1, sigma0_temp4, (ret)) )
172 :
173 : /*
174 : * (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word))
175 : */
176 : #define SHA512_sigma1(word, ret) ( \
177 : SHA512_ROTR(19, (word), sigma1_temp1), \
178 : SHA512_ROTR(61, (word), sigma1_temp2), \
179 : SHA512_SHR( 6, (word), sigma1_temp3), \
180 : SHA512_XOR(sigma1_temp2, sigma1_temp3, sigma1_temp4), \
181 : SHA512_XOR(sigma1_temp1, sigma1_temp4, (ret)) )
182 :
183 : #ifndef USE_MODIFIED_MACROS
184 : /*
185 : * These definitions are the ones used in FIPS 180-3, section 4.1.3
186 : * Ch(x,y,z) ((x & y) ^ (~x & z))
187 : */
188 : #define SHA_Ch(x, y, z, ret) ( \
189 : SHA512_AND(x, y, Ch_temp1), \
190 : SHA512_TILDA(x, Ch_temp2), \
191 : SHA512_AND(Ch_temp2, z, Ch_temp3), \
192 : SHA512_XOR(Ch_temp1, Ch_temp3, (ret)) )
193 :
194 : /*
195 : * Maj(x,y,z) (((x)&(y)) ^ ((x)&(z)) ^ ((y)&(z)))
196 : */
197 : #define SHA_Maj(x, y, z, ret) ( \
198 : SHA512_AND(x, y, Maj_temp1), \
199 : SHA512_AND(x, z, Maj_temp2), \
200 : SHA512_AND(y, z, Maj_temp3), \
201 : SHA512_XOR(Maj_temp2, Maj_temp3, Maj_temp4), \
202 : SHA512_XOR(Maj_temp1, Maj_temp4, (ret)) )
203 : #else /* !USE_MODIFIED_MACROS */
204 : /*
205 : * These definitions are potentially faster equivalents for the ones
206 : * used in FIPS 180-3, section 4.1.3.
207 : * ((x & y) ^ (~x & z)) becomes
208 : * ((x & (y ^ z)) ^ z)
209 : */
210 : #define SHA_Ch(x, y, z, ret) ( \
211 : (ret)[0] = (((x)[0] & ((y)[0] ^ (z)[0])) ^ (z)[0]), \
212 : (ret)[1] = (((x)[1] & ((y)[1] ^ (z)[1])) ^ (z)[1]) )
213 :
214 : /*
215 : * ((x & y) ^ (x & z) ^ (y & z)) becomes
216 : * ((x & (y | z)) | (y & z))
217 : */
218 : #define SHA_Maj(x, y, z, ret) ( \
219 : ret[0] = (((x)[0] & ((y)[0] | (z)[0])) | ((y)[0] & (z)[0])), \
220 : ret[1] = (((x)[1] & ((y)[1] | (z)[1])) | ((y)[1] & (z)[1])) )
221 : #endif /* USE_MODIFIED_MACROS */
222 :
223 : /*
224 : * Add "length" to the length.
225 : * Set Corrupted when overflow has occurred.
226 : */
227 : #define SHA384_512AddLength(context, length) ( \
228 : addTemp[3] = (length), SHA512_ADDTO4((context)->Length, addTemp), \
229 : (context)->Corrupted = (((context)->Length[3] < (length)) && \
230 : ((context)->Length[2] == 0) && ((context)->Length[1] == 0) && \
231 : ((context)->Length[0] == 0)) ? shaInputTooLong : \
232 : (context)->Corrupted )
233 :
234 : /* Local Function Prototypes */
235 : static int SHA384_512Reset(SHA512Context *context,
236 : uint32_t H0[SHA512HashSize/4]);
237 : static void SHA384_512ProcessMessageBlock(SHA512Context *context);
238 : static void SHA384_512Finalize(SHA512Context *context,
239 : uint8_t Pad_Byte);
240 : static void SHA384_512PadMessage(SHA512Context *context,
241 : uint8_t Pad_Byte);
242 : static int SHA384_512ResultN( SHA512Context *context,
243 : uint8_t Message_Digest[ ], int HashSize);
244 :
245 : /* Initial Hash Values: FIPS 180-3 sections 5.3.4 and 5.3.5 */
246 : static uint32_t SHA384_H0[SHA512HashSize/4] = {
247 : 0xCBBB9D5D, 0xC1059ED8, 0x629A292A, 0x367CD507, 0x9159015A,
248 : 0x3070DD17, 0x152FECD8, 0xF70E5939, 0x67332667, 0xFFC00B31,
249 : 0x8EB44A87, 0x68581511, 0xDB0C2E0D, 0x64F98FA7, 0x47B5481D,
250 : 0xBEFA4FA4
251 : };
252 : static uint32_t SHA512_H0[SHA512HashSize/4] = {
253 : 0x6A09E667, 0xF3BCC908, 0xBB67AE85, 0x84CAA73B, 0x3C6EF372,
254 : 0xFE94F82B, 0xA54FF53A, 0x5F1D36F1, 0x510E527F, 0xADE682D1,
255 : 0x9B05688C, 0x2B3E6C1F, 0x1F83D9AB, 0xFB41BD6B, 0x5BE0CD19,
256 : 0x137E2179
257 : };
258 :
259 : #else /* !USE_32BIT_ONLY */
260 :
261 : #include "sha-private.h"
262 :
263 : /* Define the SHA shift, rotate left and rotate right macros */
264 : #define SHA512_SHR(bits,word) (((uint64_t)(word)) >> (bits))
265 : #define SHA512_ROTR(bits,word) ((((uint64_t)(word)) >> (bits)) | \
266 : (((uint64_t)(word)) << (64-(bits))))
267 :
268 : /*
269 : * Define the SHA SIGMA and sigma macros
270 : *
271 : * SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word)
272 : */
273 : #define SHA512_SIGMA0(word) \
274 : (SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word))
275 : #define SHA512_SIGMA1(word) \
276 : (SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word))
277 : #define SHA512_sigma0(word) \
278 : (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word))
279 : #define SHA512_sigma1(word) \
280 : (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word))
281 :
282 : /*
283 : * Add "length" to the length.
284 : * Set Corrupted when overflow has occurred.
285 : */
286 : #define SHA384_512AddLength(context, length) \
287 : (addTemp = context->Length_Low, context->Corrupted = \
288 : ((context->Length_Low += length) < addTemp) && \
289 : (++context->Length_High == 0) ? shaInputTooLong : \
290 : (context)->Corrupted)
291 :
292 : /* Local Function Prototypes */
293 : static int SHA384_512Reset(SHA512Context *context,
294 : uint64_t H0[SHA512HashSize/8]);
295 : static void SHA384_512ProcessMessageBlock(SHA512Context *context);
296 : static void SHA384_512Finalize(SHA512Context *context,
297 : uint8_t Pad_Byte);
298 : static void SHA384_512PadMessage(SHA512Context *context,
299 : uint8_t Pad_Byte);
300 : static int SHA384_512ResultN(SHA512Context *context,
301 : uint8_t Message_Digest[ ], int HashSize);
302 :
303 : /* Initial Hash Values: FIPS 180-3 sections 5.3.4 and 5.3.5 */
304 : static uint64_t SHA384_H0[ ] = {
305 : 0xCBBB9D5DC1059ED8ll, 0x629A292A367CD507ll, 0x9159015A3070DD17ll,
306 : 0x152FECD8F70E5939ll, 0x67332667FFC00B31ll, 0x8EB44A8768581511ll,
307 : 0xDB0C2E0D64F98FA7ll, 0x47B5481DBEFA4FA4ll
308 : };
309 : static uint64_t SHA512_H0[ ] = {
310 : 0x6A09E667F3BCC908ll, 0xBB67AE8584CAA73Bll, 0x3C6EF372FE94F82Bll,
311 : 0xA54FF53A5F1D36F1ll, 0x510E527FADE682D1ll, 0x9B05688C2B3E6C1Fll,
312 : 0x1F83D9ABFB41BD6Bll, 0x5BE0CD19137E2179ll
313 : };
314 :
315 : #endif /* USE_32BIT_ONLY */
316 :
317 : /*
318 : * SHA384Reset
319 : *
320 : * Description:
321 : * This function will initialize the SHA384Context in preparation
322 : * for computing a new SHA384 message digest.
323 : *
324 : * Parameters:
325 : * context: [in/out]
326 : * The context to reset.
327 : *
328 : * Returns:
329 : * sha Error Code.
330 : *
331 : */
332 1 : int SHA384Reset(SHA384Context *context)
333 : {
334 1 : return SHA384_512Reset(context, SHA384_H0);
335 : }
336 :
337 : /*
338 : * SHA384Input
339 : *
340 : * Description:
341 : * This function accepts an array of octets as the next portion
342 : * of the message.
343 : *
344 : * Parameters:
345 : * context: [in/out]
346 : * The SHA context to update.
347 : * message_array[ ]: [in]
348 : * An array of octets representing the next portion of
349 : * the message.
350 : * length: [in]
351 : * The length of the message in message_array.
352 : *
353 : * Returns:
354 : * sha Error Code.
355 : *
356 : */
357 1 : int SHA384Input(SHA384Context *context,
358 : const uint8_t *message_array, unsigned int length)
359 : {
360 1 : return SHA512Input(context, message_array, length);
361 : }
362 :
363 : /*
364 : * SHA384FinalBits
365 : *
366 : * Description:
367 : * This function will add in any final bits of the message.
368 : *
369 : * Parameters:
370 : * context: [in/out]
371 : * The SHA context to update.
372 : * message_bits: [in]
373 : * The final bits of the message, in the upper portion of the
374 : * byte. (Use 0b###00000 instead of 0b00000### to input the
375 : * three bits ###.)
376 : * length: [in]
377 : * The number of bits in message_bits, between 1 and 7.
378 : *
379 : * Returns:
380 : * sha Error Code.
381 : *
382 : */
383 0 : int SHA384FinalBits(SHA384Context *context,
384 : uint8_t message_bits, unsigned int length)
385 : {
386 0 : return SHA512FinalBits(context, message_bits, length);
387 : }
388 :
389 : /*
390 : * SHA384Result
391 : *
392 : * Description:
393 : * This function will return the 384-bit message digest
394 : * into the Message_Digest array provided by the caller.
395 : * NOTE:
396 : * The first octet of hash is stored in the element with index 0,
397 : * the last octet of hash in the element with index 47.
398 : *
399 : * Parameters:
400 : * context: [in/out]
401 : * The context to use to calculate the SHA hash.
402 : * Message_Digest[ ]: [out]
403 : * Where the digest is returned.
404 : *
405 : * Returns:
406 : * sha Error Code.
407 : *
408 : */
409 1 : int SHA384Result(SHA384Context *context,
410 : uint8_t Message_Digest[SHA384HashSize])
411 : {
412 1 : return SHA384_512ResultN(context, Message_Digest, SHA384HashSize);
413 : }
414 :
415 : /*
416 : * SHA512Reset
417 : *
418 : * Description:
419 : * This function will initialize the SHA512Context in preparation
420 : * for computing a new SHA512 message digest.
421 : *
422 : * Parameters:
423 : * context: [in/out]
424 : * The context to reset.
425 : *
426 : * Returns:
427 : * sha Error Code.
428 : *
429 : */
430 713 : int SHA512Reset(SHA512Context *context)
431 : {
432 713 : return SHA384_512Reset(context, SHA512_H0);
433 : }
434 :
435 : /*
436 : * SHA512Input
437 : *
438 : * Description:
439 : * This function accepts an array of octets as the next portion
440 : * of the message.
441 : *
442 : * Parameters:
443 : * context: [in/out]
444 : * The SHA context to update.
445 : * message_array[ ]: [in]
446 : * An array of octets representing the next portion of
447 : * the message.
448 : * length: [in]
449 : * The length of the message in message_array.
450 : *
451 : * Returns:
452 : * sha Error Code.
453 : *
454 : */
455 896 : int SHA512Input(SHA512Context *context,
456 : const uint8_t *message_array,
457 : unsigned int length)
458 : {
459 896 : if (!context) return shaNull;
460 896 : if (!length) return shaSuccess;
461 896 : if (!message_array) return shaNull;
462 896 : if (context->Computed) return context->Corrupted = shaStateError;
463 896 : if (context->Corrupted) return context->Corrupted;
464 :
465 29533 : while (length--) {
466 28637 : context->Message_Block[context->Message_Block_Index++] =
467 28637 : *message_array;
468 :
469 :
470 : #ifndef USE_32BIT_ONLY
471 28637 : uint64_t addTemp;
472 : #else
473 : uint32_t addTemp[4] = { 0, 0, 0, 0 };
474 : uint32_t ADDTO4_temp, ADDTO4_temp2;
475 : #endif
476 28637 : if ((SHA384_512AddLength(context, 8) == shaSuccess) &&
477 : (context->Message_Block_Index == SHA512_Message_Block_Size))
478 182 : SHA384_512ProcessMessageBlock(context);
479 :
480 28637 : message_array++;
481 : }
482 :
483 896 : return context->Corrupted;
484 : }
485 :
486 : /*
487 : * SHA512FinalBits
488 : *
489 : * Description:
490 : * This function will add in any final bits of the message.
491 : *
492 : * Parameters:
493 : * context: [in/out]
494 : * The SHA context to update.
495 : * message_bits: [in]
496 : * The final bits of the message, in the upper portion of the
497 : * byte. (Use 0b###00000 instead of 0b00000### to input the
498 : * three bits ###.)
499 : * length: [in]
500 : * The number of bits in message_bits, between 1 and 7.
501 : *
502 : * Returns:
503 : * sha Error Code.
504 : *
505 : */
506 0 : int SHA512FinalBits(SHA512Context *context,
507 : uint8_t message_bits, unsigned int length)
508 : {
509 0 : static uint8_t masks[8] = {
510 : /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
511 : /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
512 : /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
513 : /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
514 : };
515 0 : static uint8_t markbit[8] = {
516 : /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
517 : /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
518 : /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
519 : /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
520 : };
521 :
522 0 : if (!context) return shaNull;
523 0 : if (!length) return shaSuccess;
524 0 : if (context->Corrupted) return context->Corrupted;
525 0 : if (context->Computed) return context->Corrupted = shaStateError;
526 0 : if (length >= 8) return context->Corrupted = shaBadParam;
527 :
528 : #ifndef USE_32BIT_ONLY
529 0 : uint64_t addTemp;
530 : #else
531 : uint32_t addTemp[4] = { 0, 0, 0, 0 };
532 : uint32_t ADDTO4_temp, ADDTO4_temp2;
533 : #endif
534 :
535 0 : SHA384_512AddLength(context, length);
536 0 : SHA384_512Finalize(context, (uint8_t)
537 0 : ((message_bits & masks[length]) | markbit[length]));
538 :
539 0 : return context->Corrupted;
540 : }
541 :
542 : /*
543 : * SHA512Result
544 : *
545 : * Description:
546 : * This function will return the 512-bit message digest
547 : * into the Message_Digest array provided by the caller.
548 : * NOTE:
549 : * The first octet of hash is stored in the element with index 0,
550 : * the last octet of hash in the element with index 63.
551 : *
552 : * Parameters:
553 : * context: [in/out]
554 : * The context to use to calculate the SHA hash.
555 : * Message_Digest[ ]: [out]
556 : * Where the digest is returned.
557 : *
558 : * Returns:
559 : * sha Error Code.
560 : *
561 : */
562 713 : int SHA512Result(SHA512Context *context,
563 : uint8_t Message_Digest[SHA512HashSize])
564 : {
565 713 : return SHA384_512ResultN(context, Message_Digest, SHA512HashSize);
566 : }
567 :
568 : /*
569 : * SHA384_512Reset
570 : *
571 : * Description:
572 : * This helper function will initialize the SHA512Context in
573 : * preparation for computing a new SHA384 or SHA512 message
574 : * digest.
575 : *
576 : * Parameters:
577 : * context: [in/out]
578 : * The context to reset.
579 : * H0[ ]: [in]
580 : * The initial hash value array to use.
581 : *
582 : * Returns:
583 : * sha Error Code.
584 : *
585 : */
586 : #ifdef USE_32BIT_ONLY
587 : static int SHA384_512Reset(SHA512Context *context,
588 : uint32_t H0[SHA512HashSize/4])
589 : #else /* !USE_32BIT_ONLY */
590 714 : static int SHA384_512Reset(SHA512Context *context,
591 : uint64_t H0[SHA512HashSize/8])
592 : #endif /* USE_32BIT_ONLY */
593 : {
594 714 : int i;
595 714 : if (!context) return shaNull;
596 :
597 714 : context->Message_Block_Index = 0;
598 :
599 : #ifdef USE_32BIT_ONLY
600 : context->Length[0] = context->Length[1] =
601 : context->Length[2] = context->Length[3] = 0;
602 :
603 : for (i = 0; i < SHA512HashSize/4; i++)
604 : context->Intermediate_Hash[i] = H0[i];
605 : #else /* !USE_32BIT_ONLY */
606 714 : context->Length_High = context->Length_Low = 0;
607 :
608 6426 : for (i = 0; i < SHA512HashSize/8; i++)
609 5712 : context->Intermediate_Hash[i] = H0[i];
610 : #endif /* USE_32BIT_ONLY */
611 :
612 714 : context->Computed = 0;
613 714 : context->Corrupted = shaSuccess;
614 :
615 714 : return shaSuccess;
616 : }
617 :
618 : /*
619 : * SHA384_512ProcessMessageBlock
620 : *
621 : * Description:
622 : * This helper function will process the next 1024 bits of the
623 : * message stored in the Message_Block array.
624 : *
625 : * Parameters:
626 : * context: [in/out]
627 : * The SHA context to update.
628 : *
629 : * Returns:
630 : * Nothing.
631 : *
632 : * Comments:
633 : * Many of the variable names in this code, especially the
634 : * single character names, were used because those were the
635 : * names used in the Secure Hash Standard.
636 : *
637 : *
638 : */
639 896 : static void SHA384_512ProcessMessageBlock(SHA512Context *context)
640 : {
641 : #ifdef USE_32BIT_ONLY
642 : /* Constants defined in FIPS 180-3, section 4.2.3 */
643 : static const uint32_t K[80*2] = {
644 : 0x428A2F98, 0xD728AE22, 0x71374491, 0x23EF65CD, 0xB5C0FBCF,
645 : 0xEC4D3B2F, 0xE9B5DBA5, 0x8189DBBC, 0x3956C25B, 0xF348B538,
646 : 0x59F111F1, 0xB605D019, 0x923F82A4, 0xAF194F9B, 0xAB1C5ED5,
647 : 0xDA6D8118, 0xD807AA98, 0xA3030242, 0x12835B01, 0x45706FBE,
648 : 0x243185BE, 0x4EE4B28C, 0x550C7DC3, 0xD5FFB4E2, 0x72BE5D74,
649 : 0xF27B896F, 0x80DEB1FE, 0x3B1696B1, 0x9BDC06A7, 0x25C71235,
650 : 0xC19BF174, 0xCF692694, 0xE49B69C1, 0x9EF14AD2, 0xEFBE4786,
651 : 0x384F25E3, 0x0FC19DC6, 0x8B8CD5B5, 0x240CA1CC, 0x77AC9C65,
652 : 0x2DE92C6F, 0x592B0275, 0x4A7484AA, 0x6EA6E483, 0x5CB0A9DC,
653 : 0xBD41FBD4, 0x76F988DA, 0x831153B5, 0x983E5152, 0xEE66DFAB,
654 : 0xA831C66D, 0x2DB43210, 0xB00327C8, 0x98FB213F, 0xBF597FC7,
655 : 0xBEEF0EE4, 0xC6E00BF3, 0x3DA88FC2, 0xD5A79147, 0x930AA725,
656 : 0x06CA6351, 0xE003826F, 0x14292967, 0x0A0E6E70, 0x27B70A85,
657 : 0x46D22FFC, 0x2E1B2138, 0x5C26C926, 0x4D2C6DFC, 0x5AC42AED,
658 : 0x53380D13, 0x9D95B3DF, 0x650A7354, 0x8BAF63DE, 0x766A0ABB,
659 : 0x3C77B2A8, 0x81C2C92E, 0x47EDAEE6, 0x92722C85, 0x1482353B,
660 : 0xA2BFE8A1, 0x4CF10364, 0xA81A664B, 0xBC423001, 0xC24B8B70,
661 : 0xD0F89791, 0xC76C51A3, 0x0654BE30, 0xD192E819, 0xD6EF5218,
662 : 0xD6990624, 0x5565A910, 0xF40E3585, 0x5771202A, 0x106AA070,
663 : 0x32BBD1B8, 0x19A4C116, 0xB8D2D0C8, 0x1E376C08, 0x5141AB53,
664 : 0x2748774C, 0xDF8EEB99, 0x34B0BCB5, 0xE19B48A8, 0x391C0CB3,
665 : 0xC5C95A63, 0x4ED8AA4A, 0xE3418ACB, 0x5B9CCA4F, 0x7763E373,
666 : 0x682E6FF3, 0xD6B2B8A3, 0x748F82EE, 0x5DEFB2FC, 0x78A5636F,
667 : 0x43172F60, 0x84C87814, 0xA1F0AB72, 0x8CC70208, 0x1A6439EC,
668 : 0x90BEFFFA, 0x23631E28, 0xA4506CEB, 0xDE82BDE9, 0xBEF9A3F7,
669 : 0xB2C67915, 0xC67178F2, 0xE372532B, 0xCA273ECE, 0xEA26619C,
670 : 0xD186B8C7, 0x21C0C207, 0xEADA7DD6, 0xCDE0EB1E, 0xF57D4F7F,
671 : 0xEE6ED178, 0x06F067AA, 0x72176FBA, 0x0A637DC5, 0xA2C898A6,
672 : 0x113F9804, 0xBEF90DAE, 0x1B710B35, 0x131C471B, 0x28DB77F5,
673 : 0x23047D84, 0x32CAAB7B, 0x40C72493, 0x3C9EBE0A, 0x15C9BEBC,
674 : 0x431D67C4, 0x9C100D4C, 0x4CC5D4BE, 0xCB3E42B6, 0x597F299C,
675 : 0xFC657E2A, 0x5FCB6FAB, 0x3AD6FAEC, 0x6C44198C, 0x4A475817
676 : };
677 : int t, t2, t8; /* Loop counter */
678 : uint32_t temp1[2], temp2[2], /* Temporary word values */
679 : temp3[2], temp4[2], temp5[2];
680 : uint32_t W[2*80]; /* Word sequence */
681 : uint32_t A[2], B[2], C[2], D[2], /* Word buffers */
682 : E[2], F[2], G[2], H[2];
683 :
684 : /* Initialize the first 16 words in the array W */
685 : for (t = t2 = t8 = 0; t < 16; t++, t8 += 8) {
686 : W[t2++] = ((((uint32_t)context->Message_Block[t8 ])) << 24) |
687 : ((((uint32_t)context->Message_Block[t8 + 1])) << 16) |
688 : ((((uint32_t)context->Message_Block[t8 + 2])) << 8) |
689 : ((((uint32_t)context->Message_Block[t8 + 3])));
690 : W[t2++] = ((((uint32_t)context->Message_Block[t8 + 4])) << 24) |
691 : ((((uint32_t)context->Message_Block[t8 + 5])) << 16) |
692 : ((((uint32_t)context->Message_Block[t8 + 6])) << 8) |
693 : ((((uint32_t)context->Message_Block[t8 + 7])));
694 : }
695 :
696 : for (t = 16; t < 80; t++, t2 += 2) {
697 : /* W[t] = SHA512_sigma1(W[t-2]) + W[t-7] +
698 : SHA512_sigma0(W[t-15]) + W[t-16]; */
699 : uint32_t *Wt2 = &W[t2-2*2];
700 : uint32_t *Wt7 = &W[t2-7*2];
701 : uint32_t *Wt15 = &W[t2-15*2];
702 : uint32_t *Wt16 = &W[t2-16*2];
703 : uint32_t sigma1_temp1[2], sigma1_temp2[2], sigma1_temp3[2], sigma1_temp4[2];
704 : uint32_t ROTR_temp1[2], ROTR_temp2[2];
705 : SHA512_sigma1(Wt2, temp1);
706 : SHA512_ADD(temp1, Wt7, temp2);
707 :
708 : uint32_t sigma0_temp1[2], sigma0_temp2[2], sigma0_temp3[2], sigma0_temp4[2];
709 : SHA512_sigma0(Wt15, temp1);
710 : SHA512_ADD(temp1, Wt16, temp3);
711 : SHA512_ADD(temp2, temp3, &W[t2]);
712 : }
713 :
714 : A[0] = context->Intermediate_Hash[0];
715 : A[1] = context->Intermediate_Hash[1];
716 : B[0] = context->Intermediate_Hash[2];
717 : B[1] = context->Intermediate_Hash[3];
718 : C[0] = context->Intermediate_Hash[4];
719 : C[1] = context->Intermediate_Hash[5];
720 : D[0] = context->Intermediate_Hash[6];
721 : D[1] = context->Intermediate_Hash[7];
722 : E[0] = context->Intermediate_Hash[8];
723 : E[1] = context->Intermediate_Hash[9];
724 : F[0] = context->Intermediate_Hash[10];
725 : F[1] = context->Intermediate_Hash[11];
726 : G[0] = context->Intermediate_Hash[12];
727 : G[1] = context->Intermediate_Hash[13];
728 : H[0] = context->Intermediate_Hash[14];
729 : H[1] = context->Intermediate_Hash[15];
730 :
731 : for (t = t2 = 0; t < 80; t++, t2 += 2) {
732 : /*
733 : * temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
734 : */
735 :
736 : uint32_t ROTR_temp1[2], ROTR_temp2[2];
737 :
738 : uint32_t SIGMA1_temp1[2], SIGMA1_temp2[2], SIGMA1_temp3[2], SIGMA1_temp4[2];
739 : SHA512_SIGMA1(E,temp1);
740 : SHA512_ADD(H, temp1, temp2);
741 : uint32_t Ch_temp1[2], Ch_temp2[2], Ch_temp3[2];
742 : SHA_Ch(E,F,G,temp3);
743 : SHA512_ADD(temp2, temp3, temp4);
744 : SHA512_ADD(&K[t2], &W[t2], temp5);
745 : SHA512_ADD(temp4, temp5, temp1);
746 : /*
747 : * temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C);
748 : */
749 : uint32_t SIGMA0_temp1[2], SIGMA0_temp2[2], SIGMA0_temp3[2], SIGMA0_temp4[2];
750 : SHA512_SIGMA0(A,temp3);
751 : uint32_t Maj_temp1[2], Maj_temp2[2], Maj_temp3[2], Maj_temp4[2];
752 : SHA_Maj(A,B,C,temp4);
753 : SHA512_ADD(temp3, temp4, temp2);
754 : H[0] = G[0]; H[1] = G[1];
755 : G[0] = F[0]; G[1] = F[1];
756 : F[0] = E[0]; F[1] = E[1];
757 : SHA512_ADD(D, temp1, E);
758 : D[0] = C[0]; D[1] = C[1];
759 : C[0] = B[0]; C[1] = B[1];
760 : B[0] = A[0]; B[1] = A[1];
761 : SHA512_ADD(temp1, temp2, A);
762 : }
763 :
764 : uint32_t ADDTO2_temp;
765 : SHA512_ADDTO2(&context->Intermediate_Hash[0], A);
766 : SHA512_ADDTO2(&context->Intermediate_Hash[2], B);
767 : SHA512_ADDTO2(&context->Intermediate_Hash[4], C);
768 : SHA512_ADDTO2(&context->Intermediate_Hash[6], D);
769 : SHA512_ADDTO2(&context->Intermediate_Hash[8], E);
770 : SHA512_ADDTO2(&context->Intermediate_Hash[10], F);
771 : SHA512_ADDTO2(&context->Intermediate_Hash[12], G);
772 : SHA512_ADDTO2(&context->Intermediate_Hash[14], H);
773 :
774 : #else /* !USE_32BIT_ONLY */
775 : /* Constants defined in FIPS 180-3, section 4.2.3 */
776 896 : static const uint64_t K[80] = {
777 : 0x428A2F98D728AE22ll, 0x7137449123EF65CDll, 0xB5C0FBCFEC4D3B2Fll,
778 : 0xE9B5DBA58189DBBCll, 0x3956C25BF348B538ll, 0x59F111F1B605D019ll,
779 : 0x923F82A4AF194F9Bll, 0xAB1C5ED5DA6D8118ll, 0xD807AA98A3030242ll,
780 : 0x12835B0145706FBEll, 0x243185BE4EE4B28Cll, 0x550C7DC3D5FFB4E2ll,
781 : 0x72BE5D74F27B896Fll, 0x80DEB1FE3B1696B1ll, 0x9BDC06A725C71235ll,
782 : 0xC19BF174CF692694ll, 0xE49B69C19EF14AD2ll, 0xEFBE4786384F25E3ll,
783 : 0x0FC19DC68B8CD5B5ll, 0x240CA1CC77AC9C65ll, 0x2DE92C6F592B0275ll,
784 : 0x4A7484AA6EA6E483ll, 0x5CB0A9DCBD41FBD4ll, 0x76F988DA831153B5ll,
785 : 0x983E5152EE66DFABll, 0xA831C66D2DB43210ll, 0xB00327C898FB213Fll,
786 : 0xBF597FC7BEEF0EE4ll, 0xC6E00BF33DA88FC2ll, 0xD5A79147930AA725ll,
787 : 0x06CA6351E003826Fll, 0x142929670A0E6E70ll, 0x27B70A8546D22FFCll,
788 : 0x2E1B21385C26C926ll, 0x4D2C6DFC5AC42AEDll, 0x53380D139D95B3DFll,
789 : 0x650A73548BAF63DEll, 0x766A0ABB3C77B2A8ll, 0x81C2C92E47EDAEE6ll,
790 : 0x92722C851482353Bll, 0xA2BFE8A14CF10364ll, 0xA81A664BBC423001ll,
791 : 0xC24B8B70D0F89791ll, 0xC76C51A30654BE30ll, 0xD192E819D6EF5218ll,
792 : 0xD69906245565A910ll, 0xF40E35855771202All, 0x106AA07032BBD1B8ll,
793 : 0x19A4C116B8D2D0C8ll, 0x1E376C085141AB53ll, 0x2748774CDF8EEB99ll,
794 : 0x34B0BCB5E19B48A8ll, 0x391C0CB3C5C95A63ll, 0x4ED8AA4AE3418ACBll,
795 : 0x5B9CCA4F7763E373ll, 0x682E6FF3D6B2B8A3ll, 0x748F82EE5DEFB2FCll,
796 : 0x78A5636F43172F60ll, 0x84C87814A1F0AB72ll, 0x8CC702081A6439ECll,
797 : 0x90BEFFFA23631E28ll, 0xA4506CEBDE82BDE9ll, 0xBEF9A3F7B2C67915ll,
798 : 0xC67178F2E372532Bll, 0xCA273ECEEA26619Cll, 0xD186B8C721C0C207ll,
799 : 0xEADA7DD6CDE0EB1Ell, 0xF57D4F7FEE6ED178ll, 0x06F067AA72176FBAll,
800 : 0x0A637DC5A2C898A6ll, 0x113F9804BEF90DAEll, 0x1B710B35131C471Bll,
801 : 0x28DB77F523047D84ll, 0x32CAAB7B40C72493ll, 0x3C9EBE0A15C9BEBCll,
802 : 0x431D67C49C100D4Cll, 0x4CC5D4BECB3E42B6ll, 0x597F299CFC657E2All,
803 : 0x5FCB6FAB3AD6FAECll, 0x6C44198C4A475817ll
804 : };
805 896 : int t, t8; /* Loop counter */
806 896 : uint64_t temp1, temp2; /* Temporary word value */
807 896 : uint64_t W[80]; /* Word sequence */
808 896 : uint64_t A, B, C, D, E, F, G, H; /* Word buffers */
809 :
810 : /*
811 : * Initialize the first 16 words in the array W
812 : */
813 15232 : for (t = t8 = 0; t < 16; t++, t8 += 8)
814 14336 : W[t] = ((uint64_t)(context->Message_Block[t8 ]) << 56) |
815 14336 : ((uint64_t)(context->Message_Block[t8 + 1]) << 48) |
816 14336 : ((uint64_t)(context->Message_Block[t8 + 2]) << 40) |
817 14336 : ((uint64_t)(context->Message_Block[t8 + 3]) << 32) |
818 14336 : ((uint64_t)(context->Message_Block[t8 + 4]) << 24) |
819 14336 : ((uint64_t)(context->Message_Block[t8 + 5]) << 16) |
820 14336 : ((uint64_t)(context->Message_Block[t8 + 6]) << 8) |
821 14336 : ((uint64_t)(context->Message_Block[t8 + 7]));
822 :
823 58240 : for (t = 16; t < 80; t++)
824 57344 : W[t] = SHA512_sigma1(W[t-2]) + W[t-7] +
825 57344 : SHA512_sigma0(W[t-15]) + W[t-16];
826 896 : A = context->Intermediate_Hash[0];
827 896 : B = context->Intermediate_Hash[1];
828 896 : C = context->Intermediate_Hash[2];
829 896 : D = context->Intermediate_Hash[3];
830 896 : E = context->Intermediate_Hash[4];
831 896 : F = context->Intermediate_Hash[5];
832 896 : G = context->Intermediate_Hash[6];
833 896 : H = context->Intermediate_Hash[7];
834 :
835 72576 : for (t = 0; t < 80; t++) {
836 71680 : temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
837 71680 : temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C);
838 71680 : H = G;
839 71680 : G = F;
840 71680 : F = E;
841 71680 : E = D + temp1;
842 71680 : D = C;
843 71680 : C = B;
844 71680 : B = A;
845 71680 : A = temp1 + temp2;
846 : }
847 :
848 896 : context->Intermediate_Hash[0] += A;
849 896 : context->Intermediate_Hash[1] += B;
850 896 : context->Intermediate_Hash[2] += C;
851 896 : context->Intermediate_Hash[3] += D;
852 896 : context->Intermediate_Hash[4] += E;
853 896 : context->Intermediate_Hash[5] += F;
854 896 : context->Intermediate_Hash[6] += G;
855 896 : context->Intermediate_Hash[7] += H;
856 : #endif /* USE_32BIT_ONLY */
857 :
858 896 : context->Message_Block_Index = 0;
859 896 : }
860 :
861 : /*
862 : * SHA384_512Finalize
863 : *
864 : * Description:
865 : * This helper function finishes off the digest calculations.
866 : *
867 : * Parameters:
868 : * context: [in/out]
869 : * The SHA context to update.
870 : * Pad_Byte: [in]
871 : * The last byte to add to the message block before the 0-padding
872 : * and length. This will contain the last bits of the message
873 : * followed by another single bit. If the message was an
874 : * exact multiple of 8-bits long, Pad_Byte will be 0x80.
875 : *
876 : * Returns:
877 : * sha Error Code.
878 : *
879 : */
880 714 : static void SHA384_512Finalize(SHA512Context *context,
881 : uint8_t Pad_Byte)
882 : {
883 714 : int_least16_t i;
884 714 : SHA384_512PadMessage(context, Pad_Byte);
885 : /* message may be sensitive, clear it out */
886 92820 : for (i = 0; i < SHA512_Message_Block_Size; ++i)
887 91392 : context->Message_Block[i] = 0;
888 : #ifdef USE_32BIT_ONLY /* and clear length */
889 : context->Length[0] = context->Length[1] = 0;
890 : context->Length[2] = context->Length[3] = 0;
891 : #else /* !USE_32BIT_ONLY */
892 714 : context->Length_High = context->Length_Low = 0;
893 : #endif /* USE_32BIT_ONLY */
894 714 : context->Computed = 1;
895 714 : }
896 :
897 : /*
898 : * SHA384_512PadMessage
899 : *
900 : * Description:
901 : * According to the standard, the message must be padded to the next
902 : * even multiple of 1024 bits. The first padding bit must be a '1'.
903 : * The last 128 bits represent the length of the original message.
904 : * All bits in between should be 0. This helper function will
905 : * pad the message according to those rules by filling the
906 : * Message_Block array accordingly. When it returns, it can be
907 : * assumed that the message digest has been computed.
908 : *
909 : * Parameters:
910 : * context: [in/out]
911 : * The context to pad.
912 : * Pad_Byte: [in]
913 : * The last byte to add to the message block before the 0-padding
914 : * and length. This will contain the last bits of the message
915 : * followed by another single bit. If the message was an
916 : * exact multiple of 8-bits long, Pad_Byte will be 0x80.
917 : *
918 : * Returns:
919 : * Nothing.
920 : *
921 : */
922 714 : static void SHA384_512PadMessage(SHA512Context *context,
923 : uint8_t Pad_Byte)
924 : {
925 : /*
926 : * Check to see if the current message block is too small to hold
927 : * the initial padding bits and length. If so, we will pad the
928 : * block, process it, and then continue padding into a second
929 : * block.
930 : */
931 714 : if (context->Message_Block_Index >= (SHA512_Message_Block_Size-16)) {
932 0 : context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
933 0 : while (context->Message_Block_Index < SHA512_Message_Block_Size)
934 0 : context->Message_Block[context->Message_Block_Index++] = 0;
935 :
936 0 : SHA384_512ProcessMessageBlock(context);
937 : } else
938 714 : context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
939 :
940 74627 : while (context->Message_Block_Index < (SHA512_Message_Block_Size-16))
941 73913 : context->Message_Block[context->Message_Block_Index++] = 0;
942 :
943 : /*
944 : * Store the message length as the last 16 octets
945 : */
946 : #ifdef USE_32BIT_ONLY
947 : context->Message_Block[112] = (uint8_t)(context->Length[0] >> 24);
948 : context->Message_Block[113] = (uint8_t)(context->Length[0] >> 16);
949 : context->Message_Block[114] = (uint8_t)(context->Length[0] >> 8);
950 : context->Message_Block[115] = (uint8_t)(context->Length[0]);
951 : context->Message_Block[116] = (uint8_t)(context->Length[1] >> 24);
952 : context->Message_Block[117] = (uint8_t)(context->Length[1] >> 16);
953 : context->Message_Block[118] = (uint8_t)(context->Length[1] >> 8);
954 : context->Message_Block[119] = (uint8_t)(context->Length[1]);
955 :
956 : context->Message_Block[120] = (uint8_t)(context->Length[2] >> 24);
957 : context->Message_Block[121] = (uint8_t)(context->Length[2] >> 16);
958 : context->Message_Block[122] = (uint8_t)(context->Length[2] >> 8);
959 : context->Message_Block[123] = (uint8_t)(context->Length[2]);
960 : context->Message_Block[124] = (uint8_t)(context->Length[3] >> 24);
961 : context->Message_Block[125] = (uint8_t)(context->Length[3] >> 16);
962 : context->Message_Block[126] = (uint8_t)(context->Length[3] >> 8);
963 : context->Message_Block[127] = (uint8_t)(context->Length[3]);
964 : #else /* !USE_32BIT_ONLY */
965 714 : context->Message_Block[112] = (uint8_t)(context->Length_High >> 56);
966 714 : context->Message_Block[113] = (uint8_t)(context->Length_High >> 48);
967 714 : context->Message_Block[114] = (uint8_t)(context->Length_High >> 40);
968 714 : context->Message_Block[115] = (uint8_t)(context->Length_High >> 32);
969 714 : context->Message_Block[116] = (uint8_t)(context->Length_High >> 24);
970 714 : context->Message_Block[117] = (uint8_t)(context->Length_High >> 16);
971 714 : context->Message_Block[118] = (uint8_t)(context->Length_High >> 8);
972 714 : context->Message_Block[119] = (uint8_t)(context->Length_High);
973 :
974 714 : context->Message_Block[120] = (uint8_t)(context->Length_Low >> 56);
975 714 : context->Message_Block[121] = (uint8_t)(context->Length_Low >> 48);
976 714 : context->Message_Block[122] = (uint8_t)(context->Length_Low >> 40);
977 714 : context->Message_Block[123] = (uint8_t)(context->Length_Low >> 32);
978 714 : context->Message_Block[124] = (uint8_t)(context->Length_Low >> 24);
979 714 : context->Message_Block[125] = (uint8_t)(context->Length_Low >> 16);
980 714 : context->Message_Block[126] = (uint8_t)(context->Length_Low >> 8);
981 714 : context->Message_Block[127] = (uint8_t)(context->Length_Low);
982 : #endif /* USE_32BIT_ONLY */
983 :
984 714 : SHA384_512ProcessMessageBlock(context);
985 714 : }
986 :
987 : /*
988 : * SHA384_512ResultN
989 : *
990 : * Description:
991 : * This helper function will return the 384-bit or 512-bit message
992 : * digest into the Message_Digest array provided by the caller.
993 : * NOTE:
994 : * The first octet of hash is stored in the element with index 0,
995 : * the last octet of hash in the element with index 47/63.
996 : *
997 : * Parameters:
998 : * context: [in/out]
999 : * The context to use to calculate the SHA hash.
1000 : * Message_Digest[ ]: [out]
1001 : * Where the digest is returned.
1002 : * HashSize: [in]
1003 : * The size of the hash, either 48 or 64.
1004 : *
1005 : * Returns:
1006 : * sha Error Code.
1007 : *
1008 : */
1009 714 : static int SHA384_512ResultN(SHA512Context *context,
1010 : uint8_t Message_Digest[ ], int HashSize)
1011 : {
1012 714 : int i;
1013 : #ifdef USE_32BIT_ONLY
1014 : int i2;
1015 : #endif /* USE_32BIT_ONLY */
1016 :
1017 714 : if (!context) return shaNull;
1018 714 : if (!Message_Digest) return shaNull;
1019 714 : if (context->Corrupted) return context->Corrupted;
1020 :
1021 714 : if (!context->Computed)
1022 714 : SHA384_512Finalize(context, 0x80);
1023 :
1024 : #ifdef USE_32BIT_ONLY
1025 : for (i = i2 = 0; i < HashSize; ) {
1026 : Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24);
1027 : Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16);
1028 : Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8);
1029 : Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]);
1030 : Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24);
1031 : Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16);
1032 : Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8);
1033 : Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]);
1034 : }
1035 : #else /* !USE_32BIT_ONLY */
1036 46394 : for (i = 0; i < HashSize; ++i)
1037 45680 : Message_Digest[i] = (uint8_t)
1038 45680 : (context->Intermediate_Hash[i>>3] >> 8 * ( 7 - ( i % 8 ) ));
1039 : #endif /* USE_32BIT_ONLY */
1040 :
1041 : return shaSuccess;
1042 : }
|
