static void
SHA256Transform(uint32_t *H, const uint8_t *cp)
{
uint32_t a, b, c, d, e, f, g, h, t, T1, T2, W[64];
for (t = 0; t < 16; t++, cp += 4)
W[t] = (cp[0] << 24) | (cp[1] << 16) | (cp[2] << 8) | cp[3];
for (t = 16; t < 64; t++)
W[t] = sigma1(W[t - 2]) + W[t - 7] +
sigma0(W[t - 15]) + W[t - 16];
a = H[0]; b = H[1]; c = H[2]; d = H[3];
e = H[4]; f = H[5]; g = H[6]; h = H[7];
for (t = 0; t < 64; t++) {
T1 = h + SIGMA1(e) + Ch(e, f, g) + SHA256_K[t] + W[t];
T2 = SIGMA0(a) + Maj(a, b, c);
h = g; g = f; f = e; e = d + T1;
d = c; c = b; b = a; a = T1 + T2;
}
H[0] += a; H[1] += b; H[2] += c; H[3] += d;
H[4] += e; H[5] += f; H[6] += g; H[7] += h;
}
void
_sha2block128(uchar *p, ulong len, uint64 *s)
{
uint64 a, b, c, d, e, f, g, h, t1, t2;
uint64 *kp, *wp;
uint64 w[80];
uchar *end;
/* at this point, we have a multiple of 64 bytes */
for(end = p+len; p < end;){
a = s[0];
b = s[1];
c = s[2];
d = s[3];
e = s[4];
f = s[5];
g = s[6];
h = s[7];
for(wp = w; wp < &w[16]; wp++, p += 8)
wp[0] = ((vlong)p[0])<<56 | ((vlong)p[1])<<48 |
((vlong)p[2])<<40 | ((vlong)p[3])<<32 |
p[4] << 24 | p[5] << 16 | p[6] << 8 | p[7];
for(; wp < &w[80]; wp++) {
uint64 s0, s1;
s0 = sigma0(wp[-15]);
s1 = sigma1(wp[-2]);
// wp[0] = sigma1(wp[-2]) + wp[-7] + sigma0(wp[-15]) + wp[-16];
wp[0] = s1 + wp[-7] + s0 + wp[-16];
}
for(kp = K512, wp = w; wp < &w[80]; ) {
t1 = h + SIGMA1(e) + Ch(e,f,g) + *kp++ + *wp++;
t2 = SIGMA0(a) + Maj(a,b,c);
h = g;
g = f;
f = e;
e = d + t1;
d = c;
c = b;
b = a;
a = t1 + t2;
}
/* save state */
s[0] += a;
s[1] += b;
s[2] += c;
s[3] += d;
s[4] += e;
s[5] += f;
s[6] += g;
s[7] += h;
}
}
XMoshSum digestBlock( hp_byte* initialByteBlock, XMoshSum sum )
{
sha2_word block[ ROUNDS ];
sha2_word* words = ( sha2_word* ) &sum.data;
for( unsigned int i = 0; i < 16; i++ )
{
BLOCK_COPY( block, initialByteBlock, i );
}
for( unsigned i = 16; i < ROUNDS; i++ )
{
block[ i ] = block[ i - 16 ]
+ SIGMA0( block, i ) + block[ i - 7 ] + SIGMA1( block, i );
}
sha2_word a = words[ 0 ];
sha2_word b = words[ 1 ];
sha2_word c = words[ 2 ];
sha2_word d = words[ 3 ];
sha2_word e = words[ 4 ];
sha2_word f = words[ 5 ];
sha2_word g = words[ 6 ];
sha2_word h = words[ 7 ];
sha2_word temp1, temp2;
for( unsigned i = 0; i < ROUNDS; i++ )
{
temp1 = ( h + ( SUM1( e ) ) + CH( e, f, g ) + K[ i ] + block[ i ] );
temp2 = ( SUM0( a ) ) + MAJ( a, b, c );
h = g;
g = f;
f = e;
e = d + temp1;
d = c;
c = b;
b = a;
a = temp1 + temp2;
}
words[ 0 ] += a;
words[ 1 ] += b;
words[ 2 ] += c;
words[ 3 ] += d;
words[ 4 ] += e;
words[ 5 ] += f;
words[ 6 ] += g;
words[ 7 ] += h;
return sum;
}
static void SHA512_Process(SHA512_CTX *ctx)
{
int t;
uint64_t temp1;
uint64_t temp2;
// Initialize the 8 working registers
uint64_t a = ctx->h_dig.h[0];
uint64_t b = ctx->h_dig.h[1];
uint64_t c = ctx->h_dig.h[2];
uint64_t d = ctx->h_dig.h[3];
uint64_t e = ctx->h_dig.h[4];
uint64_t f = ctx->h_dig.h[5];
uint64_t g = ctx->h_dig.h[6];
uint64_t h = ctx->h_dig.h[7];
// Process message in 16-word blocks
uint64_t *w = ctx->w_buf.w;
// Convert from big-endian byte order to host byte order
for (t = 0; t < 16; t++)
w[t] = be64toh(w[t]);
// Prepare the message schedule
for (t = 16; t < 80; t++)
w[t] = SIGMA4(w[t - 2]) + w[t - 7] + SIGMA3(w[t - 15]) + w[t - 16];
// SHA-512 hash computation
for (t = 0; t < 80; t++)
{
// Calculate T1 and T2
temp1 = h + SIGMA2(e) + CH(e, f, g) + k[t] + w[t];
temp2 = SIGMA1(a) + MAJ(a, b, c);
// Update the working registers
h = g;
g = f;
f = e;
e = d + temp1;
d = c;
c = b;
b = a;
a = temp1 + temp2;
}
// Update the hash value
ctx->h_dig.h[0] += a;
ctx->h_dig.h[1] += b;
ctx->h_dig.h[2] += c;
ctx->h_dig.h[3] += d;
ctx->h_dig.h[4] += e;
ctx->h_dig.h[5] += f;
ctx->h_dig.h[6] += g;
ctx->h_dig.h[7] += h;
}
void sha512ProcessBlock(Sha512Context *context)
{
uint_t t;
uint64_t temp1;
uint64_t temp2;
//Initialize the 8 working registers
uint64_t a = context->h[0];
uint64_t b = context->h[1];
uint64_t c = context->h[2];
uint64_t d = context->h[3];
uint64_t e = context->h[4];
uint64_t f = context->h[5];
uint64_t g = context->h[6];
uint64_t h = context->h[7];
//Process message in 16-word blocks
uint64_t *w = context->w;
//Convert from big-endian byte order to host byte order
for(t = 0; t < 16; t++)
w[t] = betoh64(w[t]);
//SHA-512 hash computation (alternate method)
for(t = 0; t < 80; t++)
{
//Prepare the message schedule
if(t >= 16)
W(t) += SIGMA4(W(t + 14)) + W(t + 9) + SIGMA3(W(t + 1));
//Calculate T1 and T2
temp1 = h + SIGMA2(e) + CH(e, f, g) + k[t] + W(t);
temp2 = SIGMA1(a) + MAJ(a, b, c);
//Update the working registers
h = g;
g = f;
f = e;
e = d + temp1;
d = c;
c = b;
b = a;
a = temp1 + temp2;
}
//Update the hash value
context->h[0] += a;
context->h[1] += b;
context->h[2] += c;
context->h[3] += d;
context->h[4] += e;
context->h[5] += f;
context->h[6] += g;
context->h[7] += h;
}
void
_sha2block64(uchar *p, ulong len, uint32 *s)
{
uint32 a, b, c, d, e, f, g, h, t1, t2;
uint32 *kp, *wp;
uint32 w[64];
uchar *end;
/* at this point, we have a multiple of 64 bytes */
for(end = p+len; p < end;){
a = s[0];
b = s[1];
c = s[2];
d = s[3];
e = s[4];
f = s[5];
g = s[6];
h = s[7];
for(wp = w; wp < &w[16]; wp++, p += 4)
wp[0] = p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3];
for(; wp < &w[64]; wp++)
wp[0] = sigma1(wp[-2]) + wp[-7] +
sigma0(wp[-15]) + wp[-16];
for(kp = K256, wp = w; wp < &w[64]; ) {
t1 = h + SIGMA1(e) + Ch(e,f,g) + *kp++ + *wp++;
t2 = SIGMA0(a) + Maj(a,b,c);
h = g;
g = f;
f = e;
e = d + t1;
d = c;
c = b;
b = a;
a = t1 + t2;
}
/* save state */
s[0] += a;
s[1] += b;
s[2] += c;
s[3] += d;
s[4] += e;
s[5] += f;
s[6] += g;
s[7] += h;
}
}
static void
SHA512Transform(SHA2_CTX *ctx, const uint8_t *blk)
{
uint64_t a = ctx->state.s64[0];
uint64_t b = ctx->state.s64[1];
uint64_t c = ctx->state.s64[2];
uint64_t d = ctx->state.s64[3];
uint64_t e = ctx->state.s64[4];
uint64_t f = ctx->state.s64[5];
uint64_t g = ctx->state.s64[6];
uint64_t h = ctx->state.s64[7];
uint64_t w0, w1, w2, w3, w4, w5, w6, w7;
uint64_t w8, w9, w10, w11, w12, w13, w14, w15;
uint64_t T1, T2;
#if defined(__sparc)
static const uint64_t sha512_consts[] = {
SHA512_CONST_0, SHA512_CONST_1, SHA512_CONST_2,
SHA512_CONST_3, SHA512_CONST_4, SHA512_CONST_5,
SHA512_CONST_6, SHA512_CONST_7, SHA512_CONST_8,
SHA512_CONST_9, SHA512_CONST_10, SHA512_CONST_11,
SHA512_CONST_12, SHA512_CONST_13, SHA512_CONST_14,
SHA512_CONST_15, SHA512_CONST_16, SHA512_CONST_17,
SHA512_CONST_18, SHA512_CONST_19, SHA512_CONST_20,
SHA512_CONST_21, SHA512_CONST_22, SHA512_CONST_23,
SHA512_CONST_24, SHA512_CONST_25, SHA512_CONST_26,
SHA512_CONST_27, SHA512_CONST_28, SHA512_CONST_29,
SHA512_CONST_30, SHA512_CONST_31, SHA512_CONST_32,
SHA512_CONST_33, SHA512_CONST_34, SHA512_CONST_35,
SHA512_CONST_36, SHA512_CONST_37, SHA512_CONST_38,
SHA512_CONST_39, SHA512_CONST_40, SHA512_CONST_41,
SHA512_CONST_42, SHA512_CONST_43, SHA512_CONST_44,
SHA512_CONST_45, SHA512_CONST_46, SHA512_CONST_47,
SHA512_CONST_48, SHA512_CONST_49, SHA512_CONST_50,
SHA512_CONST_51, SHA512_CONST_52, SHA512_CONST_53,
SHA512_CONST_54, SHA512_CONST_55, SHA512_CONST_56,
SHA512_CONST_57, SHA512_CONST_58, SHA512_CONST_59,
SHA512_CONST_60, SHA512_CONST_61, SHA512_CONST_62,
SHA512_CONST_63, SHA512_CONST_64, SHA512_CONST_65,
SHA512_CONST_66, SHA512_CONST_67, SHA512_CONST_68,
SHA512_CONST_69, SHA512_CONST_70, SHA512_CONST_71,
SHA512_CONST_72, SHA512_CONST_73, SHA512_CONST_74,
SHA512_CONST_75, SHA512_CONST_76, SHA512_CONST_77,
SHA512_CONST_78, SHA512_CONST_79
};
#endif /* __sparc */
if ((uintptr_t)blk & 0x7) { /* not 8-byte aligned? */
bcopy(blk, ctx->buf_un.buf64, sizeof (ctx->buf_un.buf64));
blk = (uint8_t *)ctx->buf_un.buf64;
}
/* LINTED E_BAD_PTR_CAST_ALIGN */
w0 = LOAD_BIG_64(blk + 8 * 0);
SHA512ROUND(a, b, c, d, e, f, g, h, 0, w0);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w1 = LOAD_BIG_64(blk + 8 * 1);
SHA512ROUND(h, a, b, c, d, e, f, g, 1, w1);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w2 = LOAD_BIG_64(blk + 8 * 2);
SHA512ROUND(g, h, a, b, c, d, e, f, 2, w2);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w3 = LOAD_BIG_64(blk + 8 * 3);
SHA512ROUND(f, g, h, a, b, c, d, e, 3, w3);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w4 = LOAD_BIG_64(blk + 8 * 4);
SHA512ROUND(e, f, g, h, a, b, c, d, 4, w4);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w5 = LOAD_BIG_64(blk + 8 * 5);
SHA512ROUND(d, e, f, g, h, a, b, c, 5, w5);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w6 = LOAD_BIG_64(blk + 8 * 6);
SHA512ROUND(c, d, e, f, g, h, a, b, 6, w6);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w7 = LOAD_BIG_64(blk + 8 * 7);
SHA512ROUND(b, c, d, e, f, g, h, a, 7, w7);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w8 = LOAD_BIG_64(blk + 8 * 8);
SHA512ROUND(a, b, c, d, e, f, g, h, 8, w8);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w9 = LOAD_BIG_64(blk + 8 * 9);
SHA512ROUND(h, a, b, c, d, e, f, g, 9, w9);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w10 = LOAD_BIG_64(blk + 8 * 10);
SHA512ROUND(g, h, a, b, c, d, e, f, 10, w10);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w11 = LOAD_BIG_64(blk + 8 * 11);
SHA512ROUND(f, g, h, a, b, c, d, e, 11, w11);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w12 = LOAD_BIG_64(blk + 8 * 12);
SHA512ROUND(e, f, g, h, a, b, c, d, 12, w12);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w13 = LOAD_BIG_64(blk + 8 * 13);
SHA512ROUND(d, e, f, g, h, a, b, c, 13, w13);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w14 = LOAD_BIG_64(blk + 8 * 14);
SHA512ROUND(c, d, e, f, g, h, a, b, 14, w14);
/* LINTED E_BAD_PTR_CAST_ALIGN */
w15 = LOAD_BIG_64(blk + 8 * 15);
SHA512ROUND(b, c, d, e, f, g, h, a, 15, w15);
w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0;
SHA512ROUND(a, b, c, d, e, f, g, h, 16, w0);
w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1;
SHA512ROUND(h, a, b, c, d, e, f, g, 17, w1);
w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2;
SHA512ROUND(g, h, a, b, c, d, e, f, 18, w2);
w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3;
SHA512ROUND(f, g, h, a, b, c, d, e, 19, w3);
w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4;
SHA512ROUND(e, f, g, h, a, b, c, d, 20, w4);
w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5;
SHA512ROUND(d, e, f, g, h, a, b, c, 21, w5);
w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6;
SHA512ROUND(c, d, e, f, g, h, a, b, 22, w6);
w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7;
SHA512ROUND(b, c, d, e, f, g, h, a, 23, w7);
w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8;
SHA512ROUND(a, b, c, d, e, f, g, h, 24, w8);
w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9;
SHA512ROUND(h, a, b, c, d, e, f, g, 25, w9);
w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10;
SHA512ROUND(g, h, a, b, c, d, e, f, 26, w10);
w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11;
SHA512ROUND(f, g, h, a, b, c, d, e, 27, w11);
w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12;
SHA512ROUND(e, f, g, h, a, b, c, d, 28, w12);
w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13;
SHA512ROUND(d, e, f, g, h, a, b, c, 29, w13);
w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14;
SHA512ROUND(c, d, e, f, g, h, a, b, 30, w14);
w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15;
SHA512ROUND(b, c, d, e, f, g, h, a, 31, w15);
w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0;
SHA512ROUND(a, b, c, d, e, f, g, h, 32, w0);
w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1;
SHA512ROUND(h, a, b, c, d, e, f, g, 33, w1);
w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2;
SHA512ROUND(g, h, a, b, c, d, e, f, 34, w2);
w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3;
SHA512ROUND(f, g, h, a, b, c, d, e, 35, w3);
w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4;
SHA512ROUND(e, f, g, h, a, b, c, d, 36, w4);
w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5;
SHA512ROUND(d, e, f, g, h, a, b, c, 37, w5);
w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6;
SHA512ROUND(c, d, e, f, g, h, a, b, 38, w6);
w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7;
SHA512ROUND(b, c, d, e, f, g, h, a, 39, w7);
w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8;
SHA512ROUND(a, b, c, d, e, f, g, h, 40, w8);
w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9;
SHA512ROUND(h, a, b, c, d, e, f, g, 41, w9);
w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10;
SHA512ROUND(g, h, a, b, c, d, e, f, 42, w10);
w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11;
SHA512ROUND(f, g, h, a, b, c, d, e, 43, w11);
w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12;
SHA512ROUND(e, f, g, h, a, b, c, d, 44, w12);
w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13;
SHA512ROUND(d, e, f, g, h, a, b, c, 45, w13);
w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14;
SHA512ROUND(c, d, e, f, g, h, a, b, 46, w14);
w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15;
SHA512ROUND(b, c, d, e, f, g, h, a, 47, w15);
w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0;
SHA512ROUND(a, b, c, d, e, f, g, h, 48, w0);
w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1;
SHA512ROUND(h, a, b, c, d, e, f, g, 49, w1);
w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2;
SHA512ROUND(g, h, a, b, c, d, e, f, 50, w2);
w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3;
SHA512ROUND(f, g, h, a, b, c, d, e, 51, w3);
w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4;
SHA512ROUND(e, f, g, h, a, b, c, d, 52, w4);
w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5;
SHA512ROUND(d, e, f, g, h, a, b, c, 53, w5);
w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6;
SHA512ROUND(c, d, e, f, g, h, a, b, 54, w6);
w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7;
SHA512ROUND(b, c, d, e, f, g, h, a, 55, w7);
w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8;
SHA512ROUND(a, b, c, d, e, f, g, h, 56, w8);
w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9;
SHA512ROUND(h, a, b, c, d, e, f, g, 57, w9);
w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10;
SHA512ROUND(g, h, a, b, c, d, e, f, 58, w10);
w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11;
SHA512ROUND(f, g, h, a, b, c, d, e, 59, w11);
w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12;
SHA512ROUND(e, f, g, h, a, b, c, d, 60, w12);
w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13;
SHA512ROUND(d, e, f, g, h, a, b, c, 61, w13);
w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14;
SHA512ROUND(c, d, e, f, g, h, a, b, 62, w14);
w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15;
SHA512ROUND(b, c, d, e, f, g, h, a, 63, w15);
w0 = SIGMA1(w14) + w9 + SIGMA0(w1) + w0;
SHA512ROUND(a, b, c, d, e, f, g, h, 64, w0);
w1 = SIGMA1(w15) + w10 + SIGMA0(w2) + w1;
SHA512ROUND(h, a, b, c, d, e, f, g, 65, w1);
w2 = SIGMA1(w0) + w11 + SIGMA0(w3) + w2;
SHA512ROUND(g, h, a, b, c, d, e, f, 66, w2);
w3 = SIGMA1(w1) + w12 + SIGMA0(w4) + w3;
SHA512ROUND(f, g, h, a, b, c, d, e, 67, w3);
w4 = SIGMA1(w2) + w13 + SIGMA0(w5) + w4;
SHA512ROUND(e, f, g, h, a, b, c, d, 68, w4);
w5 = SIGMA1(w3) + w14 + SIGMA0(w6) + w5;
SHA512ROUND(d, e, f, g, h, a, b, c, 69, w5);
w6 = SIGMA1(w4) + w15 + SIGMA0(w7) + w6;
SHA512ROUND(c, d, e, f, g, h, a, b, 70, w6);
w7 = SIGMA1(w5) + w0 + SIGMA0(w8) + w7;
SHA512ROUND(b, c, d, e, f, g, h, a, 71, w7);
w8 = SIGMA1(w6) + w1 + SIGMA0(w9) + w8;
SHA512ROUND(a, b, c, d, e, f, g, h, 72, w8);
w9 = SIGMA1(w7) + w2 + SIGMA0(w10) + w9;
SHA512ROUND(h, a, b, c, d, e, f, g, 73, w9);
w10 = SIGMA1(w8) + w3 + SIGMA0(w11) + w10;
SHA512ROUND(g, h, a, b, c, d, e, f, 74, w10);
w11 = SIGMA1(w9) + w4 + SIGMA0(w12) + w11;
SHA512ROUND(f, g, h, a, b, c, d, e, 75, w11);
w12 = SIGMA1(w10) + w5 + SIGMA0(w13) + w12;
SHA512ROUND(e, f, g, h, a, b, c, d, 76, w12);
w13 = SIGMA1(w11) + w6 + SIGMA0(w14) + w13;
SHA512ROUND(d, e, f, g, h, a, b, c, 77, w13);
w14 = SIGMA1(w12) + w7 + SIGMA0(w15) + w14;
SHA512ROUND(c, d, e, f, g, h, a, b, 78, w14);
w15 = SIGMA1(w13) + w8 + SIGMA0(w0) + w15;
SHA512ROUND(b, c, d, e, f, g, h, a, 79, w15);
ctx->state.s64[0] += a;
ctx->state.s64[1] += b;
ctx->state.s64[2] += c;
ctx->state.s64[3] += d;
ctx->state.s64[4] += e;
ctx->state.s64[5] += f;
ctx->state.s64[6] += g;
ctx->state.s64[7] += h;
}
/* block is the 512-bit/64-byte/16-word input block.
* hash is the 160-bit/20-byte/5-word input and output hash
* native_in is 1 if we don't have to revert the bytes of the block on
* a little-endian machine */
static void compute_sha512 (const uint64_t * block,
uint512 * hash, int native_in)
{
uint64_t W [80];
int t;
/* step 1 */
#if __BYTE_ORDER == __LITTLE_ENDIAN
if (native_in)
#endif /* __BYTE_ORDER == __LITTLE_ENDIAN */
init_w_native_byte_order (W, block);
#if __BYTE_ORDER == __LITTLE_ENDIAN
else
init_w (W, block);
#endif /* __BYTE_ORDER == __LITTLE_ENDIAN */
/* step 2 */
uint64_t a = hash->i [0];
uint64_t b = hash->i [1];
uint64_t c = hash->i [2];
uint64_t d = hash->i [3];
uint64_t e = hash->i [4];
uint64_t f = hash->i [5];
uint64_t g = hash->i [6];
uint64_t h = hash->i [7];
#ifdef DEBUG_PRINT
if (debugging)
printf ("in: %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 "\n",
a, b, c, d, e, f, g, h);
if (debugging)
printf (" A B C D E F G H\n");
#endif /* DEBUG_PRINT */
/* step 3 */
for (t = 0; t < 80; t++) {
uint64_t t1 =
h + SIGMA1 (e) + ch (e, f, g) + K512 [t] + W [t];
uint64_t t2 = SIGMA0 (a) + maj (a, b, c);
h = g;
g = f;
f = e;
e = d + t1;
d = c;
c = b;
b = a;
a = t1 + t2;
#ifdef DEBUG_PRINT
if (debugging)
printf ("t = %2d: %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 " %016" PRIx64 "\n",
t, a, b, c, d, e, f, g, h);
#endif /* DEBUG_PRINT */
}
/* step 4 */
hash->i [0] += a;
hash->i [1] += b;
hash->i [2] += c;
hash->i [3] += d;
hash->i [4] += e;
hash->i [5] += f;
hash->i [6] += g;
hash->i [7] += h;
if (debugging)
printf ("hash = %16" PRIx64 " %16" PRIx64 " %16" PRIx64 " %16" PRIx64 " %16" PRIx64 " %16" PRIx64 " %16" PRIx64 " %16" PRIx64 "\n",
hash->i [0], hash->i [1], hash->i [2], hash->i [3],
hash->i [4], hash->i [5], hash->i [6], hash->i [7]);
}