sl@0: /* crypto/sha/sha512.c */ sl@0: /* ==================================================================== sl@0: * Copyright (c) 2004 The OpenSSL Project. All rights reserved sl@0: * according to the OpenSSL license [found here]. sl@0: * ==================================================================== sl@0: */ sl@0: sl@0: /* ==================================================================== sl@0: * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * sl@0: * 1. Redistributions of source code must retain the above copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in sl@0: * the documentation and/or other materials provided with the sl@0: * distribution. sl@0: * sl@0: * 3. All advertising materials mentioning features or use of this sl@0: * software must display the following acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" sl@0: * sl@0: * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to sl@0: * endorse or promote products derived from this software without sl@0: * prior written permission. For written permission, please contact sl@0: * openssl-core@openssl.org. sl@0: * sl@0: * 5. Products derived from this software may not be called "OpenSSL" sl@0: * nor may "OpenSSL" appear in their names without prior written sl@0: * permission of the OpenSSL Project. sl@0: * sl@0: * 6. Redistributions of any form whatsoever must retain the following sl@0: * acknowledgment: sl@0: * "This product includes software developed by the OpenSSL Project sl@0: * for use in the OpenSSL Toolkit (http://www.openssl.org/)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY sl@0: * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR sl@0: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR sl@0: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, sl@0: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT sl@0: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; sl@0: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, sl@0: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) sl@0: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED sl@0: * OF THE POSSIBILITY OF SUCH DAMAGE. sl@0: * ==================================================================== sl@0: * sl@0: * This product includes cryptographic software written by Eric Young sl@0: * (eay@cryptsoft.com). This product includes software written by Tim sl@0: * Hudson (tjh@cryptsoft.com). sl@0: * sl@0: */ sl@0: sl@0: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) sl@0: * All rights reserved. sl@0: * sl@0: * This package is an SSL implementation written sl@0: * by Eric Young (eay@cryptsoft.com). sl@0: * The implementation was written so as to conform with Netscapes SSL. sl@0: * sl@0: * This library is free for commercial and non-commercial use as long as sl@0: * the following conditions are aheared to. The following conditions sl@0: * apply to all code found in this distribution, be it the RC4, RSA, sl@0: * lhash, DES, etc., code; not just the SSL code. The SSL documentation sl@0: * included with this distribution is covered by the same copyright terms sl@0: * except that the holder is Tim Hudson (tjh@cryptsoft.com). sl@0: * sl@0: * Copyright remains Eric Young's, and as such any Copyright notices in sl@0: * the code are not to be removed. sl@0: * If this package is used in a product, Eric Young should be given attribution sl@0: * as the author of the parts of the library used. sl@0: * This can be in the form of a textual message at program startup or sl@0: * in documentation (online or textual) provided with the package. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * 1. Redistributions of source code must retain the copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in the sl@0: * documentation and/or other materials provided with the distribution. sl@0: * 3. All advertising materials mentioning features or use of this software sl@0: * must display the following acknowledgement: sl@0: * "This product includes cryptographic software written by sl@0: * Eric Young (eay@cryptsoft.com)" sl@0: * The word 'cryptographic' can be left out if the rouines from the library sl@0: * being used are not cryptographic related :-). sl@0: * 4. If you include any Windows specific code (or a derivative thereof) from sl@0: * the apps directory (application code) you must include an acknowledgement: sl@0: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND sl@0: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE sl@0: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE sl@0: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL sl@0: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS sl@0: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT sl@0: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY sl@0: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF sl@0: * SUCH DAMAGE. sl@0: * sl@0: * The licence and distribution terms for any publically available version or sl@0: * derivative of this code cannot be changed. i.e. this code cannot simply be sl@0: * copied and put under another distribution licence sl@0: * [including the GNU Public Licence.] sl@0: */ sl@0: /* sl@0: © Portions copyright (c) 2010 Nokia Corporation. All rights reserved. sl@0: */ sl@0: sl@0: #include sl@0: #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512) sl@0: /* sl@0: * IMPLEMENTATION NOTES. sl@0: * sl@0: * As you might have noticed 32-bit hash algorithms: sl@0: * sl@0: * - permit SHA_LONG to be wider than 32-bit (case on CRAY); sl@0: * - optimized versions implement two transform functions: one operating sl@0: * on [aligned] data in host byte order and one - on data in input sl@0: * stream byte order; sl@0: * - share common byte-order neutral collector and padding function sl@0: * implementations, ../md32_common.h; sl@0: * sl@0: * Neither of the above applies to this SHA-512 implementations. Reasons sl@0: * [in reverse order] are: sl@0: * sl@0: * - it's the only 64-bit hash algorithm for the moment of this writing, sl@0: * there is no need for common collector/padding implementation [yet]; sl@0: * - by supporting only one transform function [which operates on sl@0: * *aligned* data in input stream byte order, big-endian in this case] sl@0: * we minimize burden of maintenance in two ways: a) collector/padding sl@0: * function is simpler; b) only one transform function to stare at; sl@0: * - SHA_LONG64 is required to be exactly 64-bit in order to be able to sl@0: * apply a number of optimizations to mitigate potential performance sl@0: * penalties caused by previous design decision; sl@0: * sl@0: * Caveat lector. sl@0: * sl@0: * Implementation relies on the fact that "long long" is 64-bit on sl@0: * both 32- and 64-bit platforms. If some compiler vendor comes up sl@0: * with 128-bit long long, adjustment to sha.h would be required. sl@0: * As this implementation relies on 64-bit integer type, it's totally sl@0: * inappropriate for platforms which don't support it, most notably sl@0: * 16-bit platforms. sl@0: * sl@0: */ sl@0: #include sl@0: #include sl@0: sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: #include "cryptlib.h" sl@0: sl@0: const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT; sl@0: sl@0: #if defined(_M_IX86) || defined(_M_AMD64) || defined(__i386) || defined(__x86_64) sl@0: #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA sl@0: #endif sl@0: sl@0: EXPORT_C int SHA384_Init (SHA512_CTX *c) sl@0: { sl@0: c->h[0]=U64(0xcbbb9d5dc1059ed8); sl@0: c->h[1]=U64(0x629a292a367cd507); sl@0: c->h[2]=U64(0x9159015a3070dd17); sl@0: c->h[3]=U64(0x152fecd8f70e5939); sl@0: c->h[4]=U64(0x67332667ffc00b31); sl@0: c->h[5]=U64(0x8eb44a8768581511); sl@0: c->h[6]=U64(0xdb0c2e0d64f98fa7); sl@0: c->h[7]=U64(0x47b5481dbefa4fa4); sl@0: c->Nl=0; c->Nh=0; sl@0: c->num=0; c->md_len=SHA384_DIGEST_LENGTH; sl@0: return 1; sl@0: } sl@0: sl@0: EXPORT_C int SHA512_Init (SHA512_CTX *c) sl@0: { sl@0: c->h[0]=U64(0x6a09e667f3bcc908); sl@0: c->h[1]=U64(0xbb67ae8584caa73b); sl@0: c->h[2]=U64(0x3c6ef372fe94f82b); sl@0: c->h[3]=U64(0xa54ff53a5f1d36f1); sl@0: c->h[4]=U64(0x510e527fade682d1); sl@0: c->h[5]=U64(0x9b05688c2b3e6c1f); sl@0: c->h[6]=U64(0x1f83d9abfb41bd6b); sl@0: c->h[7]=U64(0x5be0cd19137e2179); sl@0: c->Nl=0; c->Nh=0; sl@0: c->num=0; c->md_len=SHA512_DIGEST_LENGTH; sl@0: return 1; sl@0: } sl@0: sl@0: #ifndef SHA512_ASM sl@0: static sl@0: #endif sl@0: void sha512_block (SHA512_CTX *ctx, const void *in, size_t num); sl@0: sl@0: EXPORT_C int SHA512_Final (unsigned char *md, SHA512_CTX *c) sl@0: { sl@0: unsigned char *p=(unsigned char *)c->u.p; sl@0: size_t n=c->num; sl@0: sl@0: p[n]=0x80; /* There always is a room for one */ sl@0: n++; sl@0: if (n > (sizeof(c->u)-16)) sl@0: memset (p+n,0,sizeof(c->u)-n), n=0, sl@0: sha512_block (c,p,1); sl@0: sl@0: memset (p+n,0,sizeof(c->u)-16-n); sl@0: #ifdef B_ENDIAN sl@0: c->u.d[SHA_LBLOCK-2] = c->Nh; sl@0: c->u.d[SHA_LBLOCK-1] = c->Nl; sl@0: #else sl@0: p[sizeof(c->u)-1] = (unsigned char)(c->Nl); sl@0: p[sizeof(c->u)-2] = (unsigned char)(c->Nl>>8); sl@0: p[sizeof(c->u)-3] = (unsigned char)(c->Nl>>16); sl@0: p[sizeof(c->u)-4] = (unsigned char)(c->Nl>>24); sl@0: p[sizeof(c->u)-5] = (unsigned char)(c->Nl>>32); sl@0: p[sizeof(c->u)-6] = (unsigned char)(c->Nl>>40); sl@0: p[sizeof(c->u)-7] = (unsigned char)(c->Nl>>48); sl@0: p[sizeof(c->u)-8] = (unsigned char)(c->Nl>>56); sl@0: p[sizeof(c->u)-9] = (unsigned char)(c->Nh); sl@0: p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8); sl@0: p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16); sl@0: p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24); sl@0: p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32); sl@0: p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40); sl@0: p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48); sl@0: p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56); sl@0: #endif sl@0: sl@0: sha512_block (c,p,1); sl@0: sl@0: if (md==0) return 0; sl@0: sl@0: switch (c->md_len) sl@0: { sl@0: /* Let compiler decide if it's appropriate to unroll... */ sl@0: case SHA384_DIGEST_LENGTH: sl@0: for (n=0;nh[n]; sl@0: sl@0: *(md++) = (unsigned char)(t>>56); sl@0: *(md++) = (unsigned char)(t>>48); sl@0: *(md++) = (unsigned char)(t>>40); sl@0: *(md++) = (unsigned char)(t>>32); sl@0: *(md++) = (unsigned char)(t>>24); sl@0: *(md++) = (unsigned char)(t>>16); sl@0: *(md++) = (unsigned char)(t>>8); sl@0: *(md++) = (unsigned char)(t); sl@0: } sl@0: break; sl@0: case SHA512_DIGEST_LENGTH: sl@0: for (n=0;nh[n]; sl@0: sl@0: *(md++) = (unsigned char)(t>>56); sl@0: *(md++) = (unsigned char)(t>>48); sl@0: *(md++) = (unsigned char)(t>>40); sl@0: *(md++) = (unsigned char)(t>>32); sl@0: *(md++) = (unsigned char)(t>>24); sl@0: *(md++) = (unsigned char)(t>>16); sl@0: *(md++) = (unsigned char)(t>>8); sl@0: *(md++) = (unsigned char)(t); sl@0: } sl@0: break; sl@0: /* ... as well as make sure md_len is not abused. */ sl@0: default: return 0; sl@0: } sl@0: sl@0: return 1; sl@0: } sl@0: sl@0: EXPORT_C int SHA384_Final (unsigned char *md,SHA512_CTX *c) sl@0: { return SHA512_Final (md,c); } sl@0: sl@0: EXPORT_C int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len) sl@0: { sl@0: SHA_LONG64 l; sl@0: unsigned char *p=c->u.p; sl@0: const unsigned char *data=(const unsigned char *)_data; sl@0: sl@0: if (len==0) return 1; sl@0: sl@0: l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff); sl@0: if (l < c->Nl) c->Nh++; sl@0: if (sizeof(len)>=8) c->Nh+=(((SHA_LONG64)len)>>61); sl@0: c->Nl=l; sl@0: sl@0: if (c->num != 0) sl@0: { sl@0: size_t n = sizeof(c->u) - c->num; sl@0: sl@0: if (len < n) sl@0: { sl@0: memcpy (p+c->num,data,len), c->num += len; sl@0: return 1; sl@0: } sl@0: else { sl@0: memcpy (p+c->num,data,n), c->num = 0; sl@0: len-=n, data+=n; sl@0: sha512_block (c,p,1); sl@0: } sl@0: } sl@0: sl@0: if (len >= sizeof(c->u)) sl@0: { sl@0: #ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA sl@0: if ((size_t)data%sizeof(c->u.d[0]) != 0) sl@0: while (len >= sizeof(c->u)) sl@0: memcpy (p,data,sizeof(c->u)), sl@0: sha512_block (c,p,1), sl@0: len -= sizeof(c->u), sl@0: data += sizeof(c->u); sl@0: else sl@0: #endif sl@0: sha512_block (c,data,len/sizeof(c->u)), sl@0: data += len, sl@0: len %= sizeof(c->u), sl@0: data -= len; sl@0: } sl@0: sl@0: if (len != 0) memcpy (p,data,len), c->num = (int)len; sl@0: sl@0: return 1; sl@0: } sl@0: sl@0: EXPORT_C int SHA384_Update (SHA512_CTX *c, const void *data, size_t len) sl@0: { return SHA512_Update (c,data,len); } sl@0: sl@0: EXPORT_C void SHA512_Transform (SHA512_CTX *c, const unsigned char *data) sl@0: { sha512_block (c,data,1); } sl@0: sl@0: EXPORT_C unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md) sl@0: { sl@0: SHA512_CTX c; sl@0: static unsigned char m[SHA384_DIGEST_LENGTH]; sl@0: sl@0: if (md == NULL) md=m; sl@0: SHA384_Init(&c); sl@0: SHA512_Update(&c,d,n); sl@0: SHA512_Final(md,&c); sl@0: OPENSSL_cleanse(&c,sizeof(c)); sl@0: return(md); sl@0: } sl@0: sl@0: EXPORT_C unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md) sl@0: { sl@0: SHA512_CTX c; sl@0: static unsigned char m[SHA512_DIGEST_LENGTH]; sl@0: sl@0: if (md == NULL) md=m; sl@0: SHA512_Init(&c); sl@0: SHA512_Update(&c,d,n); sl@0: SHA512_Final(md,&c); sl@0: OPENSSL_cleanse(&c,sizeof(c)); sl@0: return(md); sl@0: } sl@0: sl@0: #ifndef SHA512_ASM sl@0: static const SHA_LONG64 K512[80] = { sl@0: U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd), sl@0: U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc), sl@0: U64(0x3956c25bf348b538),U64(0x59f111f1b605d019), sl@0: U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118), sl@0: U64(0xd807aa98a3030242),U64(0x12835b0145706fbe), sl@0: U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2), sl@0: U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1), sl@0: U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694), sl@0: U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3), sl@0: U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65), sl@0: U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483), sl@0: U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5), sl@0: U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210), sl@0: U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4), sl@0: U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725), sl@0: U64(0x06ca6351e003826f),U64(0x142929670a0e6e70), sl@0: U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926), sl@0: U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df), sl@0: U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8), sl@0: U64(0x81c2c92e47edaee6),U64(0x92722c851482353b), sl@0: U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001), sl@0: U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30), sl@0: U64(0xd192e819d6ef5218),U64(0xd69906245565a910), sl@0: U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8), sl@0: U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53), sl@0: U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8), sl@0: U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb), sl@0: U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3), sl@0: U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60), sl@0: U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec), sl@0: U64(0x90befffa23631e28),U64(0xa4506cebde82bde9), sl@0: U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b), sl@0: U64(0xca273eceea26619c),U64(0xd186b8c721c0c207), sl@0: U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178), sl@0: U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6), sl@0: U64(0x113f9804bef90dae),U64(0x1b710b35131c471b), sl@0: U64(0x28db77f523047d84),U64(0x32caab7b40c72493), sl@0: U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c), sl@0: U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a), sl@0: U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) }; sl@0: sl@0: #ifndef PEDANTIC sl@0: # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) sl@0: # if defined(__x86_64) || defined(__x86_64__) sl@0: # define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x))); \ sl@0: asm ("bswapq %0" \ sl@0: : "=r"(ret) \ sl@0: : "0"(ret)); ret; }) sl@0: # endif sl@0: # endif sl@0: #endif sl@0: sl@0: #ifndef PULL64 sl@0: #define B(x,j) (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8)) sl@0: #define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7)) sl@0: #endif sl@0: sl@0: #ifndef PEDANTIC sl@0: # if defined(_MSC_VER) sl@0: # if defined(_WIN64) /* applies to both IA-64 and AMD64 */ sl@0: # define ROTR(a,n) _rotr64((a),n) sl@0: # endif sl@0: # elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) sl@0: # if defined(__x86_64) || defined(__x86_64__) sl@0: # define ROTR(a,n) ({ unsigned long ret; \ sl@0: asm ("rorq %1,%0" \ sl@0: : "=r"(ret) \ sl@0: : "J"(n),"0"(a) \ sl@0: : "cc"); ret; }) sl@0: # elif defined(_ARCH_PPC) && defined(__64BIT__) sl@0: # define ROTR(a,n) ({ unsigned long ret; \ sl@0: asm ("rotrdi %0,%1,%2" \ sl@0: : "=r"(ret) \ sl@0: : "r"(a),"K"(n)); ret; }) sl@0: # endif sl@0: # endif sl@0: #endif sl@0: sl@0: #ifndef ROTR sl@0: #define ROTR(x,s) (((x)>>s) | (x)<<(64-s)) sl@0: #endif sl@0: sl@0: #define Sigma0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39)) sl@0: #define Sigma1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41)) sl@0: #define sigma0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7)) sl@0: #define sigma1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6)) sl@0: sl@0: #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) sl@0: #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) sl@0: sl@0: #if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY) sl@0: #define GO_FOR_SSE2(ctx,in,num) do { \ sl@0: void sha512_block_sse2(void *,const void *,size_t); \ sl@0: if (!(OPENSSL_ia32cap_P & (1<<26))) break; \ sl@0: sha512_block_sse2(ctx->h,in,num); return; \ sl@0: } while (0) sl@0: #endif sl@0: sl@0: #ifdef OPENSSL_SMALL_FOOTPRINT sl@0: sl@0: static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) sl@0: { sl@0: const SHA_LONG64 *W=in; sl@0: SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1,T2; sl@0: SHA_LONG64 X[16]; sl@0: int i; sl@0: sl@0: #ifdef GO_FOR_SSE2 sl@0: GO_FOR_SSE2(ctx,in,num); sl@0: #endif sl@0: sl@0: while (num--) { sl@0: sl@0: a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; sl@0: e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; sl@0: sl@0: for (i=0;i<16;i++) sl@0: { sl@0: #ifdef B_ENDIAN sl@0: T1 = X[i] = W[i]; sl@0: #else sl@0: T1 = X[i] = PULL64(W[i]); sl@0: #endif sl@0: T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; sl@0: T2 = Sigma0(a) + Maj(a,b,c); sl@0: h = g; g = f; f = e; e = d + T1; sl@0: d = c; c = b; b = a; a = T1 + T2; sl@0: } sl@0: sl@0: for (;i<80;i++) sl@0: { sl@0: s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); sl@0: s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); sl@0: sl@0: T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf]; sl@0: T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; sl@0: T2 = Sigma0(a) + Maj(a,b,c); sl@0: h = g; g = f; f = e; e = d + T1; sl@0: d = c; c = b; b = a; a = T1 + T2; sl@0: } sl@0: sl@0: ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; sl@0: ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; sl@0: sl@0: W+=SHA_LBLOCK; sl@0: } sl@0: } sl@0: sl@0: #else sl@0: sl@0: #define ROUND_00_15(i,a,b,c,d,e,f,g,h) do { \ sl@0: T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i]; \ sl@0: h = Sigma0(a) + Maj(a,b,c); \ sl@0: d += T1; h += T1; } while (0) sl@0: sl@0: #define ROUND_16_80(i,a,b,c,d,e,f,g,h,X) do { \ sl@0: s0 = X[(i+1)&0x0f]; s0 = sigma0(s0); \ sl@0: s1 = X[(i+14)&0x0f]; s1 = sigma1(s1); \ sl@0: T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f]; \ sl@0: ROUND_00_15(i,a,b,c,d,e,f,g,h); } while (0) sl@0: sl@0: static void sha512_block (SHA512_CTX *ctx, const void *in, size_t num) sl@0: { sl@0: const SHA_LONG64 *W=in; sl@0: SHA_LONG64 a,b,c,d,e,f,g,h,s0,s1,T1; sl@0: SHA_LONG64 X[16]; sl@0: int i; sl@0: sl@0: #ifdef GO_FOR_SSE2 sl@0: GO_FOR_SSE2(ctx,in,num); sl@0: #endif sl@0: sl@0: while (num--) { sl@0: sl@0: a = ctx->h[0]; b = ctx->h[1]; c = ctx->h[2]; d = ctx->h[3]; sl@0: e = ctx->h[4]; f = ctx->h[5]; g = ctx->h[6]; h = ctx->h[7]; sl@0: sl@0: #ifdef B_ENDIAN sl@0: T1 = X[0] = W[0]; ROUND_00_15(0,a,b,c,d,e,f,g,h); sl@0: T1 = X[1] = W[1]; ROUND_00_15(1,h,a,b,c,d,e,f,g); sl@0: T1 = X[2] = W[2]; ROUND_00_15(2,g,h,a,b,c,d,e,f); sl@0: T1 = X[3] = W[3]; ROUND_00_15(3,f,g,h,a,b,c,d,e); sl@0: T1 = X[4] = W[4]; ROUND_00_15(4,e,f,g,h,a,b,c,d); sl@0: T1 = X[5] = W[5]; ROUND_00_15(5,d,e,f,g,h,a,b,c); sl@0: T1 = X[6] = W[6]; ROUND_00_15(6,c,d,e,f,g,h,a,b); sl@0: T1 = X[7] = W[7]; ROUND_00_15(7,b,c,d,e,f,g,h,a); sl@0: T1 = X[8] = W[8]; ROUND_00_15(8,a,b,c,d,e,f,g,h); sl@0: T1 = X[9] = W[9]; ROUND_00_15(9,h,a,b,c,d,e,f,g); sl@0: T1 = X[10] = W[10]; ROUND_00_15(10,g,h,a,b,c,d,e,f); sl@0: T1 = X[11] = W[11]; ROUND_00_15(11,f,g,h,a,b,c,d,e); sl@0: T1 = X[12] = W[12]; ROUND_00_15(12,e,f,g,h,a,b,c,d); sl@0: T1 = X[13] = W[13]; ROUND_00_15(13,d,e,f,g,h,a,b,c); sl@0: T1 = X[14] = W[14]; ROUND_00_15(14,c,d,e,f,g,h,a,b); sl@0: T1 = X[15] = W[15]; ROUND_00_15(15,b,c,d,e,f,g,h,a); sl@0: #else sl@0: T1 = X[0] = PULL64(W[0]); ROUND_00_15(0,a,b,c,d,e,f,g,h); sl@0: T1 = X[1] = PULL64(W[1]); ROUND_00_15(1,h,a,b,c,d,e,f,g); sl@0: T1 = X[2] = PULL64(W[2]); ROUND_00_15(2,g,h,a,b,c,d,e,f); sl@0: T1 = X[3] = PULL64(W[3]); ROUND_00_15(3,f,g,h,a,b,c,d,e); sl@0: T1 = X[4] = PULL64(W[4]); ROUND_00_15(4,e,f,g,h,a,b,c,d); sl@0: T1 = X[5] = PULL64(W[5]); ROUND_00_15(5,d,e,f,g,h,a,b,c); sl@0: T1 = X[6] = PULL64(W[6]); ROUND_00_15(6,c,d,e,f,g,h,a,b); sl@0: T1 = X[7] = PULL64(W[7]); ROUND_00_15(7,b,c,d,e,f,g,h,a); sl@0: T1 = X[8] = PULL64(W[8]); ROUND_00_15(8,a,b,c,d,e,f,g,h); sl@0: T1 = X[9] = PULL64(W[9]); ROUND_00_15(9,h,a,b,c,d,e,f,g); sl@0: T1 = X[10] = PULL64(W[10]); ROUND_00_15(10,g,h,a,b,c,d,e,f); sl@0: T1 = X[11] = PULL64(W[11]); ROUND_00_15(11,f,g,h,a,b,c,d,e); sl@0: T1 = X[12] = PULL64(W[12]); ROUND_00_15(12,e,f,g,h,a,b,c,d); sl@0: T1 = X[13] = PULL64(W[13]); ROUND_00_15(13,d,e,f,g,h,a,b,c); sl@0: T1 = X[14] = PULL64(W[14]); ROUND_00_15(14,c,d,e,f,g,h,a,b); sl@0: T1 = X[15] = PULL64(W[15]); ROUND_00_15(15,b,c,d,e,f,g,h,a); sl@0: #endif sl@0: sl@0: for (i=16;i<80;i+=8) sl@0: { sl@0: ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X); sl@0: ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X); sl@0: ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X); sl@0: ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X); sl@0: ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X); sl@0: ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X); sl@0: ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X); sl@0: ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X); sl@0: } sl@0: sl@0: ctx->h[0] += a; ctx->h[1] += b; ctx->h[2] += c; ctx->h[3] += d; sl@0: ctx->h[4] += e; ctx->h[5] += f; ctx->h[6] += g; ctx->h[7] += h; sl@0: sl@0: W+=SHA_LBLOCK; sl@0: } sl@0: } sl@0: sl@0: #endif sl@0: sl@0: #endif /* SHA512_ASM */ sl@0: sl@0: #endif /* OPENSSL_NO_SHA512 */