1 /* $OpenBSD: blocks.c,v 1.3 2013/12/09 11:03:45 markus Exp $ */
2
3 /*
4 * Public Domain, Author: Daniel J. Bernstein
5 * Copied from nacl-20110221/crypto_hashblocks/sha512/ref/blocks.c
6 */
7
8 #include "includes.h"
9
10 #include "crypto_api.h"
11
12 typedef unsigned long long uint64;
13
load_bigendian(const unsigned char * x)14 static uint64 load_bigendian(const unsigned char *x)
15 {
16 return
17 (uint64) (x[7]) \
18 | (((uint64) (x[6])) << 8) \
19 | (((uint64) (x[5])) << 16) \
20 | (((uint64) (x[4])) << 24) \
21 | (((uint64) (x[3])) << 32) \
22 | (((uint64) (x[2])) << 40) \
23 | (((uint64) (x[1])) << 48) \
24 | (((uint64) (x[0])) << 56)
25 ;
26 }
27
store_bigendian(unsigned char * x,uint64 u)28 static void store_bigendian(unsigned char *x,uint64 u)
29 {
30 x[7] = u; u >>= 8;
31 x[6] = u; u >>= 8;
32 x[5] = u; u >>= 8;
33 x[4] = u; u >>= 8;
34 x[3] = u; u >>= 8;
35 x[2] = u; u >>= 8;
36 x[1] = u; u >>= 8;
37 x[0] = u;
38 }
39
40 #define SHR(x,c) ((x) >> (c))
41 #define ROTR(x,c) (((x) >> (c)) | ((x) << (64 - (c))))
42
43 #define Ch(x,y,z) ((x & y) ^ (~x & z))
44 #define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
45 #define Sigma0(x) (ROTR(x,28) ^ ROTR(x,34) ^ ROTR(x,39))
46 #define Sigma1(x) (ROTR(x,14) ^ ROTR(x,18) ^ ROTR(x,41))
47 #define sigma0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x,7))
48 #define sigma1(x) (ROTR(x,19) ^ ROTR(x,61) ^ SHR(x,6))
49
50 #define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0;
51
52 #define EXPAND \
53 M(w0 ,w14,w9 ,w1 ) \
54 M(w1 ,w15,w10,w2 ) \
55 M(w2 ,w0 ,w11,w3 ) \
56 M(w3 ,w1 ,w12,w4 ) \
57 M(w4 ,w2 ,w13,w5 ) \
58 M(w5 ,w3 ,w14,w6 ) \
59 M(w6 ,w4 ,w15,w7 ) \
60 M(w7 ,w5 ,w0 ,w8 ) \
61 M(w8 ,w6 ,w1 ,w9 ) \
62 M(w9 ,w7 ,w2 ,w10) \
63 M(w10,w8 ,w3 ,w11) \
64 M(w11,w9 ,w4 ,w12) \
65 M(w12,w10,w5 ,w13) \
66 M(w13,w11,w6 ,w14) \
67 M(w14,w12,w7 ,w15) \
68 M(w15,w13,w8 ,w0 )
69
70 #define F(w,k) \
71 T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \
72 T2 = Sigma0(a) + Maj(a,b,c); \
73 h = g; \
74 g = f; \
75 f = e; \
76 e = d + T1; \
77 d = c; \
78 c = b; \
79 b = a; \
80 a = T1 + T2;
81
crypto_hashblocks_sha512(unsigned char * statebytes,const unsigned char * in,unsigned long long inlen)82 int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen)
83 {
84 uint64 state[8];
85 uint64 a;
86 uint64 b;
87 uint64 c;
88 uint64 d;
89 uint64 e;
90 uint64 f;
91 uint64 g;
92 uint64 h;
93 uint64 T1;
94 uint64 T2;
95
96 a = load_bigendian(statebytes + 0); state[0] = a;
97 b = load_bigendian(statebytes + 8); state[1] = b;
98 c = load_bigendian(statebytes + 16); state[2] = c;
99 d = load_bigendian(statebytes + 24); state[3] = d;
100 e = load_bigendian(statebytes + 32); state[4] = e;
101 f = load_bigendian(statebytes + 40); state[5] = f;
102 g = load_bigendian(statebytes + 48); state[6] = g;
103 h = load_bigendian(statebytes + 56); state[7] = h;
104
105 while (inlen >= 128) {
106 uint64 w0 = load_bigendian(in + 0);
107 uint64 w1 = load_bigendian(in + 8);
108 uint64 w2 = load_bigendian(in + 16);
109 uint64 w3 = load_bigendian(in + 24);
110 uint64 w4 = load_bigendian(in + 32);
111 uint64 w5 = load_bigendian(in + 40);
112 uint64 w6 = load_bigendian(in + 48);
113 uint64 w7 = load_bigendian(in + 56);
114 uint64 w8 = load_bigendian(in + 64);
115 uint64 w9 = load_bigendian(in + 72);
116 uint64 w10 = load_bigendian(in + 80);
117 uint64 w11 = load_bigendian(in + 88);
118 uint64 w12 = load_bigendian(in + 96);
119 uint64 w13 = load_bigendian(in + 104);
120 uint64 w14 = load_bigendian(in + 112);
121 uint64 w15 = load_bigendian(in + 120);
122
123 F(w0 ,0x428a2f98d728ae22ULL)
124 F(w1 ,0x7137449123ef65cdULL)
125 F(w2 ,0xb5c0fbcfec4d3b2fULL)
126 F(w3 ,0xe9b5dba58189dbbcULL)
127 F(w4 ,0x3956c25bf348b538ULL)
128 F(w5 ,0x59f111f1b605d019ULL)
129 F(w6 ,0x923f82a4af194f9bULL)
130 F(w7 ,0xab1c5ed5da6d8118ULL)
131 F(w8 ,0xd807aa98a3030242ULL)
132 F(w9 ,0x12835b0145706fbeULL)
133 F(w10,0x243185be4ee4b28cULL)
134 F(w11,0x550c7dc3d5ffb4e2ULL)
135 F(w12,0x72be5d74f27b896fULL)
136 F(w13,0x80deb1fe3b1696b1ULL)
137 F(w14,0x9bdc06a725c71235ULL)
138 F(w15,0xc19bf174cf692694ULL)
139
140 EXPAND
141
142 F(w0 ,0xe49b69c19ef14ad2ULL)
143 F(w1 ,0xefbe4786384f25e3ULL)
144 F(w2 ,0x0fc19dc68b8cd5b5ULL)
145 F(w3 ,0x240ca1cc77ac9c65ULL)
146 F(w4 ,0x2de92c6f592b0275ULL)
147 F(w5 ,0x4a7484aa6ea6e483ULL)
148 F(w6 ,0x5cb0a9dcbd41fbd4ULL)
149 F(w7 ,0x76f988da831153b5ULL)
150 F(w8 ,0x983e5152ee66dfabULL)
151 F(w9 ,0xa831c66d2db43210ULL)
152 F(w10,0xb00327c898fb213fULL)
153 F(w11,0xbf597fc7beef0ee4ULL)
154 F(w12,0xc6e00bf33da88fc2ULL)
155 F(w13,0xd5a79147930aa725ULL)
156 F(w14,0x06ca6351e003826fULL)
157 F(w15,0x142929670a0e6e70ULL)
158
159 EXPAND
160
161 F(w0 ,0x27b70a8546d22ffcULL)
162 F(w1 ,0x2e1b21385c26c926ULL)
163 F(w2 ,0x4d2c6dfc5ac42aedULL)
164 F(w3 ,0x53380d139d95b3dfULL)
165 F(w4 ,0x650a73548baf63deULL)
166 F(w5 ,0x766a0abb3c77b2a8ULL)
167 F(w6 ,0x81c2c92e47edaee6ULL)
168 F(w7 ,0x92722c851482353bULL)
169 F(w8 ,0xa2bfe8a14cf10364ULL)
170 F(w9 ,0xa81a664bbc423001ULL)
171 F(w10,0xc24b8b70d0f89791ULL)
172 F(w11,0xc76c51a30654be30ULL)
173 F(w12,0xd192e819d6ef5218ULL)
174 F(w13,0xd69906245565a910ULL)
175 F(w14,0xf40e35855771202aULL)
176 F(w15,0x106aa07032bbd1b8ULL)
177
178 EXPAND
179
180 F(w0 ,0x19a4c116b8d2d0c8ULL)
181 F(w1 ,0x1e376c085141ab53ULL)
182 F(w2 ,0x2748774cdf8eeb99ULL)
183 F(w3 ,0x34b0bcb5e19b48a8ULL)
184 F(w4 ,0x391c0cb3c5c95a63ULL)
185 F(w5 ,0x4ed8aa4ae3418acbULL)
186 F(w6 ,0x5b9cca4f7763e373ULL)
187 F(w7 ,0x682e6ff3d6b2b8a3ULL)
188 F(w8 ,0x748f82ee5defb2fcULL)
189 F(w9 ,0x78a5636f43172f60ULL)
190 F(w10,0x84c87814a1f0ab72ULL)
191 F(w11,0x8cc702081a6439ecULL)
192 F(w12,0x90befffa23631e28ULL)
193 F(w13,0xa4506cebde82bde9ULL)
194 F(w14,0xbef9a3f7b2c67915ULL)
195 F(w15,0xc67178f2e372532bULL)
196
197 EXPAND
198
199 F(w0 ,0xca273eceea26619cULL)
200 F(w1 ,0xd186b8c721c0c207ULL)
201 F(w2 ,0xeada7dd6cde0eb1eULL)
202 F(w3 ,0xf57d4f7fee6ed178ULL)
203 F(w4 ,0x06f067aa72176fbaULL)
204 F(w5 ,0x0a637dc5a2c898a6ULL)
205 F(w6 ,0x113f9804bef90daeULL)
206 F(w7 ,0x1b710b35131c471bULL)
207 F(w8 ,0x28db77f523047d84ULL)
208 F(w9 ,0x32caab7b40c72493ULL)
209 F(w10,0x3c9ebe0a15c9bebcULL)
210 F(w11,0x431d67c49c100d4cULL)
211 F(w12,0x4cc5d4becb3e42b6ULL)
212 F(w13,0x597f299cfc657e2aULL)
213 F(w14,0x5fcb6fab3ad6faecULL)
214 F(w15,0x6c44198c4a475817ULL)
215
216 a += state[0];
217 b += state[1];
218 c += state[2];
219 d += state[3];
220 e += state[4];
221 f += state[5];
222 g += state[6];
223 h += state[7];
224
225 state[0] = a;
226 state[1] = b;
227 state[2] = c;
228 state[3] = d;
229 state[4] = e;
230 state[5] = f;
231 state[6] = g;
232 state[7] = h;
233
234 in += 128;
235 inlen -= 128;
236 }
237
238 store_bigendian(statebytes + 0,state[0]);
239 store_bigendian(statebytes + 8,state[1]);
240 store_bigendian(statebytes + 16,state[2]);
241 store_bigendian(statebytes + 24,state[3]);
242 store_bigendian(statebytes + 32,state[4]);
243 store_bigendian(statebytes + 40,state[5]);
244 store_bigendian(statebytes + 48,state[6]);
245 store_bigendian(statebytes + 56,state[7]);
246
247 return inlen;
248 }
249