LCOV - code coverage report
Current view: top level - src - sha512.c (source / functions) Coverage Total Hit
Test: coverage.info Lines: 0.0 % 74 0
Test Date: 2024-08-20 10:03:45 Functions: 0.0 % 5 0

            Line data    Source code
       1              : /*
       2              :  * Code originally from LibTomCrypt -- Licensed under the Public Domain/WTFPL2.0
       3              :  */
       4              : 
       5              : #include "sha512.h"
       6              : #include "sha.h"
       7              : 
       8              : /* the K array */
       9              : static const uint64_t K[80] = {
      10              :     CONST64(0x428a2f98d728ae22), CONST64(0x7137449123ef65cd),
      11              :     CONST64(0xb5c0fbcfec4d3b2f), CONST64(0xe9b5dba58189dbbc),
      12              :     CONST64(0x3956c25bf348b538), CONST64(0x59f111f1b605d019),
      13              :     CONST64(0x923f82a4af194f9b), CONST64(0xab1c5ed5da6d8118),
      14              :     CONST64(0xd807aa98a3030242), CONST64(0x12835b0145706fbe),
      15              :     CONST64(0x243185be4ee4b28c), CONST64(0x550c7dc3d5ffb4e2),
      16              :     CONST64(0x72be5d74f27b896f), CONST64(0x80deb1fe3b1696b1),
      17              :     CONST64(0x9bdc06a725c71235), CONST64(0xc19bf174cf692694),
      18              :     CONST64(0xe49b69c19ef14ad2), CONST64(0xefbe4786384f25e3),
      19              :     CONST64(0x0fc19dc68b8cd5b5), CONST64(0x240ca1cc77ac9c65),
      20              :     CONST64(0x2de92c6f592b0275), CONST64(0x4a7484aa6ea6e483),
      21              :     CONST64(0x5cb0a9dcbd41fbd4), CONST64(0x76f988da831153b5),
      22              :     CONST64(0x983e5152ee66dfab), CONST64(0xa831c66d2db43210),
      23              :     CONST64(0xb00327c898fb213f), CONST64(0xbf597fc7beef0ee4),
      24              :     CONST64(0xc6e00bf33da88fc2), CONST64(0xd5a79147930aa725),
      25              :     CONST64(0x06ca6351e003826f), CONST64(0x142929670a0e6e70),
      26              :     CONST64(0x27b70a8546d22ffc), CONST64(0x2e1b21385c26c926),
      27              :     CONST64(0x4d2c6dfc5ac42aed), CONST64(0x53380d139d95b3df),
      28              :     CONST64(0x650a73548baf63de), CONST64(0x766a0abb3c77b2a8),
      29              :     CONST64(0x81c2c92e47edaee6), CONST64(0x92722c851482353b),
      30              :     CONST64(0xa2bfe8a14cf10364), CONST64(0xa81a664bbc423001),
      31              :     CONST64(0xc24b8b70d0f89791), CONST64(0xc76c51a30654be30),
      32              :     CONST64(0xd192e819d6ef5218), CONST64(0xd69906245565a910),
      33              :     CONST64(0xf40e35855771202a), CONST64(0x106aa07032bbd1b8),
      34              :     CONST64(0x19a4c116b8d2d0c8), CONST64(0x1e376c085141ab53),
      35              :     CONST64(0x2748774cdf8eeb99), CONST64(0x34b0bcb5e19b48a8),
      36              :     CONST64(0x391c0cb3c5c95a63), CONST64(0x4ed8aa4ae3418acb),
      37              :     CONST64(0x5b9cca4f7763e373), CONST64(0x682e6ff3d6b2b8a3),
      38              :     CONST64(0x748f82ee5defb2fc), CONST64(0x78a5636f43172f60),
      39              :     CONST64(0x84c87814a1f0ab72), CONST64(0x8cc702081a6439ec),
      40              :     CONST64(0x90befffa23631e28), CONST64(0xa4506cebde82bde9),
      41              :     CONST64(0xbef9a3f7b2c67915), CONST64(0xc67178f2e372532b),
      42              :     CONST64(0xca273eceea26619c), CONST64(0xd186b8c721c0c207),
      43              :     CONST64(0xeada7dd6cde0eb1e), CONST64(0xf57d4f7fee6ed178),
      44              :     CONST64(0x06f067aa72176fba), CONST64(0x0a637dc5a2c898a6),
      45              :     CONST64(0x113f9804bef90dae), CONST64(0x1b710b35131c471b),
      46              :     CONST64(0x28db77f523047d84), CONST64(0x32caab7b40c72493),
      47              :     CONST64(0x3c9ebe0a15c9bebc), CONST64(0x431d67c49c100d4c),
      48              :     CONST64(0x4cc5d4becb3e42b6), CONST64(0x597f299cfc657e2a),
      49              :     CONST64(0x5fcb6fab3ad6faec), CONST64(0x6c44198c4a475817)};
      50              : 
      51              : /* Various logical functions */
      52              : #define Ch(x, y, z) (z ^ (x & (y ^ z)))
      53              : #define Maj(x, y, z) (((x | y) & z) | (x & y))
      54              : #define S(x, n) ROR64c(x, n)
      55              : #define R(x, n) (((x)&CONST64(0xFFFFFFFFFFFFFFFF)) >> ((uint64_t)n))
      56              : #define Sigma0(x) (S(x, 28) ^ S(x, 34) ^ S(x, 39))
      57              : #define Sigma1(x) (S(x, 14) ^ S(x, 18) ^ S(x, 41))
      58              : #define Gamma0(x) (S(x, 1) ^ S(x, 8) ^ R(x, 7))
      59              : #define Gamma1(x) (S(x, 19) ^ S(x, 61) ^ R(x, 6))
      60              : 
      61              : /* compress 1024-bits */
      62            0 : static void sha512_compress(sha512_context *md, const uint8_t *buf)
      63              : {
      64            0 :     uint64_t S[8], W[80], t0, t1;
      65            0 :     int i;
      66              : 
      67              :     /* copy state into S */
      68            0 :     for (i = 0; i < 8; i++) {
      69            0 :         S[i] = md->state[i];
      70              :     }
      71              : 
      72              :     /* copy the state into 1024-bits into W[0..15] */
      73            0 :     for (i = 0; i < 16; i++) {
      74            0 :         LOAD64H(W[i], buf + (8 * i));
      75              :     }
      76              : 
      77              :     /* fill W[16..79] */
      78            0 :     for (i = 16; i < 80; i++) {
      79            0 :         W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
      80              :     }
      81              : 
      82              :     /* Compress */
      83              : #define RND(a, b, c, d, e, f, g, h, i)              \
      84              :     t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
      85              :     t1 = Sigma0(a) + Maj(a, b, c);                  \
      86              :     d += t0;                                        \
      87              :     h = t0 + t1;
      88              : 
      89            0 :     for (i = 0; i < 80; i += 8) {
      90            0 :         RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i + 0);
      91            0 :         RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], i + 1);
      92            0 :         RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], i + 2);
      93            0 :         RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], i + 3);
      94            0 :         RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], i + 4);
      95            0 :         RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], i + 5);
      96            0 :         RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], i + 6);
      97            0 :         RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], i + 7);
      98              :     }
      99              : 
     100              :     /* feedback */
     101            0 :     for (i = 0; i < 8; i++) {
     102            0 :         md->state[i] = md->state[i] + S[i];
     103              :     }
     104            0 : }
     105              : 
     106            0 : void sha512_init(sha512_context *md)
     107              : {
     108            0 :     md->curlen = 0;
     109            0 :     md->length = 0;
     110            0 :     md->state[0] = CONST64(0x6a09e667f3bcc908);
     111            0 :     md->state[1] = CONST64(0xbb67ae8584caa73b);
     112            0 :     md->state[2] = CONST64(0x3c6ef372fe94f82b);
     113            0 :     md->state[3] = CONST64(0xa54ff53a5f1d36f1);
     114            0 :     md->state[4] = CONST64(0x510e527fade682d1);
     115            0 :     md->state[5] = CONST64(0x9b05688c2b3e6c1f);
     116            0 :     md->state[6] = CONST64(0x1f83d9abfb41bd6b);
     117            0 :     md->state[7] = CONST64(0x5be0cd19137e2179);
     118            0 : }
     119              : 
     120            0 : void sha512_process(sha512_context *md, const uint8_t *in, size_t inlen)
     121              : {
     122            0 :     size_t n;
     123            0 :     if (md->curlen > sizeof(md->buf)) {
     124              :         return;
     125              :     }
     126            0 :     if ((md->length + inlen) < md->length) {
     127              :         return;
     128              :     }
     129            0 :     while (inlen > 0) {
     130            0 :         if (md->curlen == 0 && inlen >= 128) {
     131            0 :             sha512_compress(md, in);
     132            0 :             md->length += 128 * 8;
     133            0 :             in += 128;
     134            0 :             inlen -= 128;
     135              :         } else {
     136            0 :             n = (((inlen) < ((128u - md->curlen))) ? (inlen)
     137              :                                                    : ((128u - md->curlen)));
     138            0 :             memcpy(md->buf + md->curlen, in, (size_t)n);
     139            0 :             md->curlen += n;
     140            0 :             in += n;
     141            0 :             inlen -= n;
     142            0 :             if (md->curlen == 128) {
     143            0 :                 sha512_compress(md, md->buf);
     144            0 :                 md->length += 8 * 128;
     145            0 :                 md->curlen = 0;
     146              :             }
     147              :         }
     148              :     }
     149              : }
     150              : 
     151            0 : void sha512_done(sha512_context *md, uint8_t *out)
     152              : {
     153            0 :     int i;
     154              : 
     155            0 :     if (md->curlen >= sizeof(md->buf)) {
     156              :         return;
     157              :     }
     158              : 
     159              :     /* increase the length of the message */
     160            0 :     md->length += md->curlen * CONST64(8);
     161              : 
     162              :     /* append the '1' bit */
     163            0 :     md->buf[md->curlen++] = (uint8_t)0x80;
     164              : 
     165              :     /* if the length is currently above 112 bytes we append zeros
     166              :      * then compress.  Then we can fall back to padding zeros and length
     167              :      * encoding like normal.
     168              :      */
     169            0 :     if (md->curlen > 112) {
     170            0 :         while (md->curlen < 128) {
     171            0 :             md->buf[md->curlen++] = (uint8_t)0;
     172              :         }
     173            0 :         sha512_compress(md, md->buf);
     174            0 :         md->curlen = 0;
     175              :     }
     176              : 
     177              :     /* pad upto 120 bytes of zeroes
     178              :      * note: that from 112 to 120 is the 64 MSB of the length.  We assume that
     179              :      * you won't hash > 2^64 bits of data... :-)
     180              :      */
     181            0 :     while (md->curlen < 120) {
     182            0 :         md->buf[md->curlen++] = (uint8_t)0;
     183              :     }
     184              : 
     185              :     /* store length */
     186            0 :     STORE64H(md->length, md->buf + 120);
     187            0 :     sha512_compress(md, md->buf);
     188              : 
     189              :     /* copy output */
     190            0 :     for (i = 0; i < 8; i++) {
     191            0 :         STORE64H(md->state[i], out + (8 * i));
     192              :     }
     193              : }
     194              : 
     195            0 : void sha512_hash(const uint8_t *data, size_t len, uint8_t *digest)
     196              : {
     197            0 :     sha512_context md;
     198            0 :     sha512_init(&md);
     199            0 :     sha512_process(&md, data, len);
     200            0 :     sha512_done(&md, digest);
     201            0 : }
        

Generated by: LCOV version 2.0-1