Path: blob/main/crypto/libecc/src/hash/sha512_core.c
34879 views
/*1* Copyright (C) 2017 - This file is part of libecc project2*3* Authors:4* Ryad BENADJILA <[email protected]>5* Arnaud EBALARD <[email protected]>6* Jean-Pierre FLORI <[email protected]>7*8* Contributors:9* Nicolas VIVET <[email protected]>10* Karim KHALFALLAH <[email protected]>11*12* This software is licensed under a dual BSD and GPL v2 license.13* See LICENSE file at the root folder of the project.14*/15#include <libecc/lib_ecc_config.h>16#if defined(WITH_HASH_SHA512) || defined(WITH_HASH_SHA512_224) || defined(WITH_HASH_SHA512_256)17#include <libecc/hash/sha512_core.h>1819/* SHA-2 core processing. Returns 0 on success, -1 on error. */20ATTRIBUTE_WARN_UNUSED_RET static int sha512_core_process(sha512_core_context *ctx,21const u8 data[SHA512_CORE_BLOCK_SIZE])22{23u64 a, b, c, d, e, f, g, h;24u64 W[80];25unsigned int i;26int ret;2728MUST_HAVE(((ctx != NULL) && (data != NULL)), ret, err);2930/* Init our inner variables */31a = ctx->sha512_state[0];32b = ctx->sha512_state[1];33c = ctx->sha512_state[2];34d = ctx->sha512_state[3];35e = ctx->sha512_state[4];36f = ctx->sha512_state[5];37g = ctx->sha512_state[6];38h = ctx->sha512_state[7];3940for (i = 0; i < 16; i++) {41GET_UINT64_BE(W[i], data, 8 * i);42SHA2CORE_SHA512(a, b, c, d, e, f, g, h, W[i], K_SHA512[i]);43}4445for (i = 16; i < 80; i++) {46SHA2CORE_SHA512(a, b, c, d, e, f, g, h, UPDATEW_SHA512(W, i),47K_SHA512[i]);48}4950/* Update state */51ctx->sha512_state[0] += a;52ctx->sha512_state[1] += b;53ctx->sha512_state[2] += c;54ctx->sha512_state[3] += d;55ctx->sha512_state[4] += e;56ctx->sha512_state[5] += f;57ctx->sha512_state[6] += g;58ctx->sha512_state[7] += h;5960ret = 0;6162err:63return ret;64}6566/* Core update hash function. Returns 0 on success, -1 on error. */67int sha512_core_update(sha512_core_context *ctx, const u8 *input, u32 ilen)68{69const u8 *data_ptr = input;70u32 remain_ilen = ilen;71u16 fill;72u8 left;73int ret;7475MUST_HAVE(((ctx != NULL) && ((input != NULL) || (ilen == 0))), ret, err);7677/* Nothing to process, return */78if (ilen == 0) {79ret = 0;80goto err;81}8283/* Get what's left in our local buffer */84left = ctx->sha512_total[0] & 0x7F;85fill = (u16)(SHA512_CORE_BLOCK_SIZE - left);8687ADD_UINT128_UINT64(ctx->sha512_total[0], ctx->sha512_total[1], ilen);8889if ((left > 0) && (remain_ilen >= fill)) {90/* Copy data at the end of the buffer */91ret = local_memcpy(ctx->sha512_buffer + left, data_ptr, fill); EG(ret, err);92ret = sha512_core_process(ctx, ctx->sha512_buffer); EG(ret, err);93data_ptr += fill;94remain_ilen -= fill;95left = 0;96}9798while (remain_ilen >= SHA512_CORE_BLOCK_SIZE) {99ret = sha512_core_process(ctx, data_ptr); EG(ret, err);100data_ptr += SHA512_CORE_BLOCK_SIZE;101remain_ilen -= SHA512_CORE_BLOCK_SIZE;102}103104if (remain_ilen > 0) {105ret = local_memcpy(ctx->sha512_buffer + left, data_ptr, remain_ilen); EG(ret, err);106}107108ret = 0;109110err:111return ret;112}113114/* Core finalize. Returns 0 on success, -1 on error. */115int sha512_core_final(sha512_core_context *ctx, u8 *output, u32 output_size)116{117unsigned int block_present = 0;118u8 last_padded_block[2 * SHA512_CORE_BLOCK_SIZE];119int ret;120121MUST_HAVE(((ctx != NULL) && (output != NULL)), ret, err);122123/* Fill in our last block with zeroes */124ret = local_memset(last_padded_block, 0, sizeof(last_padded_block)); EG(ret, err);125126/* This is our final step, so we proceed with the padding */127block_present = ctx->sha512_total[0] % SHA512_CORE_BLOCK_SIZE;128if (block_present != 0) {129/* Copy what's left in our temporary context buffer */130ret = local_memcpy(last_padded_block, ctx->sha512_buffer,131block_present); EG(ret, err);132}133134/* Put the 0x80 byte, beginning of padding */135last_padded_block[block_present] = 0x80;136137/* Handle possible additional block */138if (block_present > (SHA512_CORE_BLOCK_SIZE - 1 - (2 * sizeof(u64)))) {139/* We need an additional block */140PUT_MUL8_UINT128_BE(ctx->sha512_total[0], ctx->sha512_total[1],141last_padded_block,1422 * (SHA512_CORE_BLOCK_SIZE - sizeof(u64)));143ret = sha512_core_process(ctx, last_padded_block); EG(ret, err);144ret = sha512_core_process(ctx, last_padded_block + SHA512_CORE_BLOCK_SIZE); EG(ret, err);145} else {146/* We do not need an additional block */147PUT_MUL8_UINT128_BE(ctx->sha512_total[0], ctx->sha512_total[1],148last_padded_block,149SHA512_CORE_BLOCK_SIZE - (2 * sizeof(u64)));150ret = sha512_core_process(ctx, last_padded_block); EG(ret, err);151}152153/* Output the hash result truncated to the output size */154if(output_size >= SHA512_CORE_DIGEST_SIZE){155PUT_UINT64_BE(ctx->sha512_state[0], output, 0);156PUT_UINT64_BE(ctx->sha512_state[1], output, 8);157PUT_UINT64_BE(ctx->sha512_state[2], output, 16);158PUT_UINT64_BE(ctx->sha512_state[3], output, 24);159PUT_UINT64_BE(ctx->sha512_state[4], output, 32);160PUT_UINT64_BE(ctx->sha512_state[5], output, 40);161PUT_UINT64_BE(ctx->sha512_state[6], output, 48);162PUT_UINT64_BE(ctx->sha512_state[7], output, 56);163} else {164u8 tmp_output[SHA512_CORE_DIGEST_SIZE] = { 0 };165PUT_UINT64_BE(ctx->sha512_state[0], tmp_output, 0);166PUT_UINT64_BE(ctx->sha512_state[1], tmp_output, 8);167PUT_UINT64_BE(ctx->sha512_state[2], tmp_output, 16);168PUT_UINT64_BE(ctx->sha512_state[3], tmp_output, 24);169PUT_UINT64_BE(ctx->sha512_state[4], tmp_output, 32);170PUT_UINT64_BE(ctx->sha512_state[5], tmp_output, 40);171PUT_UINT64_BE(ctx->sha512_state[6], tmp_output, 48);172PUT_UINT64_BE(ctx->sha512_state[7], tmp_output, 56);173ret = local_memcpy(output, tmp_output, output_size); EG(ret, err);174}175176ret = 0;177178err:179return ret;180}181182#else /* defined(WITH_HASH_SHA512) || defined(WITH_HASH_SHA512_224) || defined(WITH_HASH_SHA512_256) */183184/*185* Dummy definition to avoid the empty translation unit ISO C warning186*/187typedef int dummy;188#endif /* WITH_HASH_SHA512 */189190191