Home Explore Help
Register Sign In
Apq
/
winscp
mirror of https://github.com/winscp/winscp.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: c20b10a314
Branches Tags
winscp
/
source
/
putty
/
crypto
/
sha512-sw.c

sha512-sw.c 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173 
  1. /*
    2. 

  2.  * Software implementation of SHA-512.
    3. 

  3.  */
    4. 

  4. 

  5. #include "ssh.h"
    6. 

  6. #include "sha512.h"
    7. 

  7. 

  8. static bool sha512_sw_available(void)
    9. 

  9. {
    10. 

  10.     /* Software SHA-512 is always available */
    11. 

  11.     return true;
    12. 

  12. }
    13. 

  13. 

  14. static inline uint64_t ror(uint64_t x, unsigned y)
    15. 

  15. {
    16. 

  16. #pragma option push -w-ngu // WINSCP
    17. 

  17.     return (x << (63 & -y)) | (x >> (63 & y));
    18. 

  18. #pragma option pop // WINSCP
    19. 

  19. }
    20. 

  20. 

  21. static inline uint64_t Ch(uint64_t ctrl, uint64_t if1, uint64_t if0)
    22. 

  22. {
    23. 

  23.     return if0 ^ (ctrl & (if1 ^ if0));
    24. 

  24. }
    25. 

  25. 

  26. static inline uint64_t Maj(uint64_t x, uint64_t y, uint64_t z)
    27. 

  27. {
    28. 

  28.     return (x & y) | (z & (x | y));
    29. 

  29. }
    30. 

  30. 

  31. static inline uint64_t Sigma_0(uint64_t x)
    32. 

  32. {
    33. 

  33.     return ror(x,28) ^ ror(x,34) ^ ror(x,39);
    34. 

  34. }
    35. 

  35. 

  36. static inline uint64_t Sigma_1(uint64_t x)
    37. 

  37. {
    38. 

  38.     return ror(x,14) ^ ror(x,18) ^ ror(x,41);
    39. 

  39. }
    40. 

  40. 

  41. static inline uint64_t sigma_0(uint64_t x)
    42. 

  42. {
    43. 

  43.     return ror(x,1) ^ ror(x,8) ^ (x >> 7);
    44. 

  44. }
    45. 

  45. 

  46. static inline uint64_t sigma_1(uint64_t x)
    47. 

  47. {
    48. 

  48.     return ror(x,19) ^ ror(x,61) ^ (x >> 6);
    49. 

  49. }
    50. 

  50. 

  51. static inline void sha512_sw_round(
    52. 

  52.     unsigned round_index, const uint64_t *schedule,
    53. 

  53.     uint64_t *a, uint64_t *b, uint64_t *c, uint64_t *d,
    54. 

  54.     uint64_t *e, uint64_t *f, uint64_t *g, uint64_t *h)
    55. 

  55. {
    56. 

  56.     uint64_t t1 = *h + Sigma_1(*e) + Ch(*e,*f,*g) +
    57. 

  57.         sha512_round_constants[round_index] + schedule[round_index];
    58. 

  58. 

  59.     uint64_t t2 = Sigma_0(*a) + Maj(*a,*b,*c);
    60. 

  60. 

  61.     *d += t1;
    62. 

  62.     *h = t1 + t2;
    63. 

  63. }
    64. 

  64. 

  65. static void sha512_sw_block(uint64_t *core, const uint8_t *block)
    66. 

  66. {
    67. 

  67.     uint64_t w[SHA512_ROUNDS];
    68. 

  68.     uint64_t a,b,c,d,e,f,g,h;
    69. 

  69. 

  70.     int t;
    71. 

  71. 

  72.     for (t = 0; t < 16; t++)
    73. 

  73.         w[t] = GET_64BIT_MSB_FIRST(block + 8*t);
    74. 

  74. 

  75.     for (t = 16; t < SHA512_ROUNDS; t++)
    76. 

  76.         w[t] = w[t-16] + w[t-7] + sigma_0(w[t-15]) + sigma_1(w[t-2]);
    77. 

  77. 

  78.     a = core[0]; b = core[1]; c = core[2]; d = core[3];
    79. 

  79.     e = core[4]; f = core[5]; g = core[6]; h = core[7];
    80. 

  80. 

  81.     for (t = 0; t < SHA512_ROUNDS; t+=8) {
    82. 

  82.         sha512_sw_round(t+0, w, &a,&b,&c,&d,&e,&f,&g,&h);
    83. 

  83.         sha512_sw_round(t+1, w, &h,&a,&b,&c,&d,&e,&f,&g);
    84. 

  84.         sha512_sw_round(t+2, w, &g,&h,&a,&b,&c,&d,&e,&f);
    85. 

  85.         sha512_sw_round(t+3, w, &f,&g,&h,&a,&b,&c,&d,&e);
    86. 

  86.         sha512_sw_round(t+4, w, &e,&f,&g,&h,&a,&b,&c,&d);
    87. 

  87.         sha512_sw_round(t+5, w, &d,&e,&f,&g,&h,&a,&b,&c);
    88. 

  88.         sha512_sw_round(t+6, w, &c,&d,&e,&f,&g,&h,&a,&b);
    89. 

  89.         sha512_sw_round(t+7, w, &b,&c,&d,&e,&f,&g,&h,&a);
    90. 

  90.     }
    91. 

  91. 

  92.     core[0] += a; core[1] += b; core[2] += c; core[3] += d;
    93. 

  93.     core[4] += e; core[5] += f; core[6] += g; core[7] += h;
    94. 

  94. 

  95.     smemclr(w, sizeof(w));
    96. 

  96. }
    97. 

  97. 

  98. typedef struct sha512_sw {
    99. 

  99.     uint64_t core[8];
    100. 

  100.     sha512_block blk;
    101. 

  101.     BinarySink_IMPLEMENTATION;
    102. 

  102.     ssh_hash hash;
    103. 

  103. } sha512_sw;
    104. 

  104. 

  105. static void sha512_sw_write(BinarySink *bs, const void *vp, size_t len);
    106. 

  106. 

  107. static ssh_hash *sha512_sw_new(const ssh_hashalg *alg)
    108. 

  108. {
    109. 

  109.     sha512_sw *s = snew(sha512_sw);
    110. 

  110. 

  111.     s->hash.vt = alg;
    112. 

  112.     BinarySink_INIT(s, sha512_sw_write);
    113. 

  113.     BinarySink_DELEGATE_INIT(&s->hash, s);
    114. 

  114.     return &s->hash;
    115. 

  115. }
    116. 

  116. 

  117. static void sha512_sw_reset(ssh_hash *hash)
    118. 

  118. {
    119. 

  119.     sha512_sw *s = container_of(hash, sha512_sw, hash);
    120. 

  120.     const struct sha512_extra *extra =
    121. 

  121.         (const struct sha512_extra *)hash->vt->extra;
    122. 

  122. 

  123.     memcpy(s->core, extra->initial_state, sizeof(s->core));
    124. 

  124.     sha512_block_setup(&s->blk);
    125. 

  125. }
    126. 

  126. 

  127. static void sha512_sw_copyfrom(ssh_hash *hcopy, ssh_hash *horig)
    128. 

  128. {
    129. 

  129.     sha512_sw *copy = container_of(hcopy, sha512_sw, hash);
    130. 

  130.     sha512_sw *orig = container_of(horig, sha512_sw, hash);
    131. 

  131. 

  132.     memcpy(copy, orig, sizeof(*copy));
    133. 

  133.     BinarySink_COPIED(copy);
    134. 

  134.     BinarySink_DELEGATE_INIT(&copy->hash, copy);
    135. 

  135. }
    136. 

  136. 

  137. static void sha512_sw_free(ssh_hash *hash)
    138. 

  138. {
    139. 

  139.     sha512_sw *s = container_of(hash, sha512_sw, hash);
    140. 

  140. 

  141.     smemclr(s, sizeof(*s));
    142. 

  142.     sfree(s);
    143. 

  143. }
    144. 

  144. 

  145. static void sha512_sw_write(BinarySink *bs, const void *vp, size_t len)
    146. 

  146. {
    147. 

  147.     sha512_sw *s = BinarySink_DOWNCAST(bs, sha512_sw);
    148. 

  148. 

  149.     while (len > 0)
    150. 

  150.         if (sha512_block_write(&s->blk, &vp, &len))
    151. 

  151.             sha512_sw_block(s->core, s->blk.block);
    152. 

  152. }
    153. 

  153. 

  154. static void sha512_sw_digest(ssh_hash *hash, uint8_t *digest)
    155. 

  155. {
    156. 

  156.     sha512_sw *s = container_of(hash, sha512_sw, hash);
    157. 

  157. 

  158.     sha512_block_pad(&s->blk, BinarySink_UPCAST(s));
    159. 

  159.     { // WINSCP
    160. 

  160.     size_t i;
    161. 

  161.     for (i = 0; i < hash->vt->hlen / 8; i++)
    162. 

  162.         PUT_64BIT_MSB_FIRST(digest + 8*i, s->core[i]);
    163. 

  163.     } // WINSCP
    164. 

  164. }
    165. 

  165. 

  166. /*
    167. 

  167.  * This implementation doesn't need separate digest methods for
    168. 

  168.  * SHA-384 and SHA-512, because the above implementation reads the
    169. 

  169.  * hash length out of the vtable.
    170. 

  170.  */
    171. 

  171. #define sha384_sw_digest sha512_sw_digest
    172. 

  172. 

  173. SHA512_VTABLES(sw, "unaccelerated");
    174.