sha384_512.cpp

Go to the documentation of this file.

/*
 * libxcks
 * Copyright (C) 2022 Julien Couot
 *
 * This program is free software: you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or (at your
 * option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General Public
 * License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */
 
//---------------------------------------------------------------------------
#include <cstring>
 
#include "sha384_512.hpp"
//---------------------------------------------------------------------------
 
using namespace std;
//---------------------------------------------------------------------------
 
 
namespace libxcks
{
// For doxygen
//---------------------------------------------------------------------------
 
 
//###########################################################################
// Implementation of AbstractSHA512Impl
//###########################################################################
 
/*
 * Process the remaining bytes in the internal buffer and the usual
 * prolog according to the standard.
 */
void AbstractSHA512Impl::finish()
{
  uint64_t t, msb, lsb;
  uint8_t *p;
 
  update(nullptr, 0);  // flush
 
  t = nblocks;
  // multiply by 128 to make a byte count
  lsb = t << 7;
  msb = t >> 57;
  // add the count
  t = lsb;
  if ((lsb += count) < t)
    msb++;
  // multiply by 8 to make a bit count
  t = lsb;
  lsb <<= 3;
  msb <<= 3;
  msb |= t >> 61;
 
  if (count < 112)
  {  // enough room
    ibuffer[count++] = 0x80;  // pad
    while (count < 112)
      ibuffer[count++] = 0;  // pad
  }
  else
  {  // need one extra block
    ibuffer[count++] = 0x80;  // pad character
    while (count < 128)
    ibuffer[count++] = 0;
    update(nullptr, 0);  // flush
    memset(ibuffer, 0, 112);  // fill next block with zeroes
  }
  /* append the 128 bit count */
  ibuffer[112] = msb >> 56;
  ibuffer[113] = msb >> 48;
  ibuffer[114] = msb >> 40;
  ibuffer[115] = msb >> 32;
  ibuffer[116] = msb >> 24;
  ibuffer[117] = msb >> 16;
  ibuffer[118] = msb >> 8;
  ibuffer[119] = msb;
 
  ibuffer[120] = lsb >> 56;
  ibuffer[121] = lsb >> 48;
  ibuffer[122] = lsb >> 40;
  ibuffer[123] = lsb >> 32;
  ibuffer[124] = lsb >> 24;
  ibuffer[125] = lsb >> 16;
  ibuffer[126] = lsb >> 8;
  ibuffer[127] = lsb;
  transform(ibuffer);
  //_gcry_burn_stack (768);
 
  p = ibuffer;
  #if (LIBXCKS_BYTE_ORDER == LIBXCKS_BIG_ENDIAN)
  #define X(a) do { *(uint64_t*)p = h##a ; p += 8; } while (0)
  #else  // little endian
  #define X(a) do { *p++ = h##a >> 56; *p++ = h##a >> 48;         \
                    *p++ = h##a >> 40; *p++ = h##a >> 32;         \
                    *p++ = h##a >> 24; *p++ = h##a >> 16;         \
                    *p++ = h##a >> 8;  *p++ = h##a; } while (0)
  #endif
  X(0);
  X(1);
  X(2);
  X(3);
  X(4);
  X(5);
  // Note that these last two chunks are included even for SHA384.
  // We just ignore them.
  X(6);
  X(7);
  #undef X
}
//---------------------------------------------------------------------------
 
 
/*
 * Updates the SHA512 hash with specified array of bytes.
 */
void AbstractSHA512Impl::update(const uint8_t* buf, size_t len)
{
  if (count == 128)
  {  // flush the buffer
    transform(ibuffer);
    //_gcry_burn_stack (768);
    count = 0;
    nblocks++;
  }
  if (buf == nullptr)
    return;
 
  if (count != 0)
  {
    for (; len && count < 128; len--)
      ibuffer[count++] = *buf++;
    update(nullptr, 0);
    if (len == 0)
      return;
  }
 
  while (len >= 128)
  {
    uint8_t tmpBuf[sizeof(uint64_t) * 16];
    memcpy(tmpBuf, buf, sizeof(uint64_t) * 16);
    transform(tmpBuf);
    count = 0;
    nblocks++;
    len -= 128;
    buf += 128;
  }
  //_gcry_burn_stack (768);
  for (; len && count < 128; len--)
    ibuffer[count++] = *buf++;
}
//---------------------------------------------------------------------------
 
 
/*
 * Transform the message X which consists of 64 bytes.
 */
void AbstractSHA512Impl::transform(uint8_t* data)
{
  uint64_t a, b, c, d, e, f, g, h;
  uint64_t w[80];
  int t;
  static const uint64_t k[] =
  {
    UINT64_C(0x428a2f98d728ae22), UINT64_C(0x7137449123ef65cd),
    UINT64_C(0xb5c0fbcfec4d3b2f), UINT64_C(0xe9b5dba58189dbbc),
    UINT64_C(0x3956c25bf348b538), UINT64_C(0x59f111f1b605d019),
    UINT64_C(0x923f82a4af194f9b), UINT64_C(0xab1c5ed5da6d8118),
    UINT64_C(0xd807aa98a3030242), UINT64_C(0x12835b0145706fbe),
    UINT64_C(0x243185be4ee4b28c), UINT64_C(0x550c7dc3d5ffb4e2),
    UINT64_C(0x72be5d74f27b896f), UINT64_C(0x80deb1fe3b1696b1),
    UINT64_C(0x9bdc06a725c71235), UINT64_C(0xc19bf174cf692694),
    UINT64_C(0xe49b69c19ef14ad2), UINT64_C(0xefbe4786384f25e3),
    UINT64_C(0x0fc19dc68b8cd5b5), UINT64_C(0x240ca1cc77ac9c65),
    UINT64_C(0x2de92c6f592b0275), UINT64_C(0x4a7484aa6ea6e483),
    UINT64_C(0x5cb0a9dcbd41fbd4), UINT64_C(0x76f988da831153b5),
    UINT64_C(0x983e5152ee66dfab), UINT64_C(0xa831c66d2db43210),
    UINT64_C(0xb00327c898fb213f), UINT64_C(0xbf597fc7beef0ee4),
    UINT64_C(0xc6e00bf33da88fc2), UINT64_C(0xd5a79147930aa725),
    UINT64_C(0x06ca6351e003826f), UINT64_C(0x142929670a0e6e70),
    UINT64_C(0x27b70a8546d22ffc), UINT64_C(0x2e1b21385c26c926),
    UINT64_C(0x4d2c6dfc5ac42aed), UINT64_C(0x53380d139d95b3df),
    UINT64_C(0x650a73548baf63de), UINT64_C(0x766a0abb3c77b2a8),
    UINT64_C(0x81c2c92e47edaee6), UINT64_C(0x92722c851482353b),
    UINT64_C(0xa2bfe8a14cf10364), UINT64_C(0xa81a664bbc423001),
    UINT64_C(0xc24b8b70d0f89791), UINT64_C(0xc76c51a30654be30),
    UINT64_C(0xd192e819d6ef5218), UINT64_C(0xd69906245565a910),
    UINT64_C(0xf40e35855771202a), UINT64_C(0x106aa07032bbd1b8),
    UINT64_C(0x19a4c116b8d2d0c8), UINT64_C(0x1e376c085141ab53),
    UINT64_C(0x2748774cdf8eeb99), UINT64_C(0x34b0bcb5e19b48a8),
    UINT64_C(0x391c0cb3c5c95a63), UINT64_C(0x4ed8aa4ae3418acb),
    UINT64_C(0x5b9cca4f7763e373), UINT64_C(0x682e6ff3d6b2b8a3),
    UINT64_C(0x748f82ee5defb2fc), UINT64_C(0x78a5636f43172f60),
    UINT64_C(0x84c87814a1f0ab72), UINT64_C(0x8cc702081a6439ec),
    UINT64_C(0x90befffa23631e28), UINT64_C(0xa4506cebde82bde9),
    UINT64_C(0xbef9a3f7b2c67915), UINT64_C(0xc67178f2e372532b),
    UINT64_C(0xca273eceea26619c), UINT64_C(0xd186b8c721c0c207),
    UINT64_C(0xeada7dd6cde0eb1e), UINT64_C(0xf57d4f7fee6ed178),
    UINT64_C(0x06f067aa72176fba), UINT64_C(0x0a637dc5a2c898a6),
    UINT64_C(0x113f9804bef90dae), UINT64_C(0x1b710b35131c471b),
    UINT64_C(0x28db77f523047d84), UINT64_C(0x32caab7b40c72493),
    UINT64_C(0x3c9ebe0a15c9bebc), UINT64_C(0x431d67c49c100d4c),
    UINT64_C(0x4cc5d4becb3e42b6), UINT64_C(0x597f299cfc657e2a),
    UINT64_C(0x5fcb6fab3ad6faec), UINT64_C(0x6c44198c4a475817)
  };
 
  // get values from the chaining vars
  a = h0;
  b = h1;
  c = h2;
  d = h3;
  e = h4;
  f = h5;
  g = h6;
  h = h7;
 
  #if (LIBXCKS_BYTE_ORDER == LIBXCKS_BIG_ENDIAN)
  memcpy(w, data, 128);
  #else
  {
    int i;
    uint8_t *p2;
 
    for (i = 0, p2 = (uint8_t*)w; i < 16; i++, p2 += 8)
    {
      p2[7] = *data++;
      p2[6] = *data++;
      p2[5] = *data++;
      p2[4] = *data++;
      p2[3] = *data++;
      p2[2] = *data++;
      p2[1] = *data++;
      p2[0] = *data++;
    }
  }
  #endif
 
  #define ROTR(x,n) (((x)>>(n)) | ((x)<<(64-(n))))
  #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
  #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
  #define Sum0(x) (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
  #define Sum1(x) (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
  #define S0(x) (ROTR((x),1) ^ ROTR((x),8) ^ ((x)>>7))
  #define S1(x) (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
 
  for (t = 16; t < 80; t++)
    w[t] = S1(w[t - 2]) + w[t - 7] + S0(w[t - 15]) + w[t - 16];
 
  for (t = 0; t < 80; t++)
  {
    uint64_t t1, t2;
 
    t1 = h + Sum1(e) + Ch(e, f, g) + k[t] + w[t];
    t2 = Sum0(a) + Maj(a, b, c);
    h = g;
    g = f;
    f = e;
    e = d + t1;
    d = c;
    c = b;
    b = a;
    a = t1 + t2;
  }
 
  // update chaining vars
  h0 += a;
  h1 += b;
  h2 += c;
  h3 += d;
  h4 += e;
  h5 += f;
  h6 += g;
  h7 += h;
}
//---------------------------------------------------------------------------
 
 
//###########################################################################
// Implementation of SHA384
//###########################################################################
 
/*
 * Default constructor.
 */
SHA384::SHA384()
{
  reset();
}
//---------------------------------------------------------------------------
 
 
/*
 * Resets the SHA384 hash to initial value.
 */
void SHA384::reset()
{
  h0 = UINT64_C(0xcbbb9d5dc1059ed8);
  h1 = UINT64_C(0x629a292a367cd507);
  h2 = UINT64_C(0x9159015a3070dd17);
  h3 = UINT64_C(0x152fecd8f70e5939);
  h4 = UINT64_C(0x67332667ffc00b31);
  h5 = UINT64_C(0x8eb44a8768581511);
  h6 = UINT64_C(0xdb0c2e0d64f98fa7);
  h7 = UINT64_C(0x47b5481dbefa4fa4);
 
  nblocks = UINT64_C(0);
  count = 0;
}
//---------------------------------------------------------------------------
 
 
/*
 * Returns the SHA384 hash value in the first 48 bytes of the given address.
 */
uint8_t* SHA384::getValue(uint8_t* buffer) const
{
  SHA384 sha384(*this);
  sha384.finish();
 
  memcpy(buffer, sha384.ibuffer, getSize());
 
  return buffer;
}
//---------------------------------------------------------------------------
 
 
/*
 * Returns the alternative names of the SHA384 hash algorithm.
 */
ArrayString SHA384::getAlternativeNames()
{
  return ArrayString{ "SHA384", "SHA-384" };
}
//---------------------------------------------------------------------------
 
 
 
 
//###########################################################################
// Implementation of SHA512
//###########################################################################
 
/*
 * Default constructor.
 */
SHA512::SHA512()
{
  reset();
}
//---------------------------------------------------------------------------
 
 
/*
 * Resets the SHA512 hash to initial value.
 */
void SHA512::reset()
{
  h0 = UINT64_C(0x6a09e667f3bcc908);
  h1 = UINT64_C(0xbb67ae8584caa73b);
  h2 = UINT64_C(0x3c6ef372fe94f82b);
  h3 = UINT64_C(0xa54ff53a5f1d36f1);
  h4 = UINT64_C(0x510e527fade682d1);
  h5 = UINT64_C(0x9b05688c2b3e6c1f);
  h6 = UINT64_C(0x1f83d9abfb41bd6b);
  h7 = UINT64_C(0x5be0cd19137e2179);
 
  nblocks = UINT64_C(0);
  count = 0;
}
//---------------------------------------------------------------------------
 
 
/*
 * Returns the SHA512 hash value in the first 64 bytes of the given address.
 */
uint8_t* SHA512::getValue(uint8_t* buffer) const
{
  SHA512 sha512(*this);
  sha512.finish();
 
  memcpy(buffer, sha512.ibuffer, getSize());
 
  return buffer;
}
//---------------------------------------------------------------------------
 
 
/*
 * Returns the alternative names of the SHA512 hash algorithm.
 */
ArrayString SHA512::getAlternativeNames()
{
  return ArrayString{ "SHA512", "SHA-512" };
}
//---------------------------------------------------------------------------
}  // namespace libxcks
//---------------------------------------------------------------------------