LCOV - code coverage report
Current view: top level - common/utils - sha384-512.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 107 123 87.0 %
Date: 2021-10-13 02:24:04 Functions: 11 13 84.6 %

          Line data    Source code
       1             : /************************* sha384-512.c ************************/
       2             : /***************** See RFC 6234 for details. *******************/
       3             : /* Copyright (c) 2011 IETF Trust and the persons identified as */
       4             : /* authors of the code.  All rights reserved.                  */
       5             : /* See sha.h for terms of use and redistribution.              */
       6             : 
       7             : /*
       8             :  * Description:
       9             :  *   This file implements the Secure Hash Algorithms SHA-384 and
      10             :  *   SHA-512 as defined in the U.S. National Institute of Standards
      11             :  *   and Technology Federal Information Processing Standards
      12             :  *   Publication (FIPS PUB) 180-3 published in October 2008
      13             :  *   and formerly defined in its predecessors, FIPS PUB 180-1
      14             :  *   and FIP PUB 180-2.
      15             :  *
      16             :  *   A combined document showing all algorithms is available at
      17             :  *       http://csrc.nist.gov/publications/fips/
      18             :  *              fips180-3/fips180-3_final.pdf
      19             :  *
      20             :  *   The SHA-384 and SHA-512 algorithms produce 384-bit and 512-bit
      21             :  *   message digests for a given data stream.  It should take about
      22             :  *   2**n steps to find a message with the same digest as a given
      23             :  *   message and 2**(n/2) to find any two messages with the same
      24             :  *   digest, when n is the digest size in bits.  Therefore, this
      25             :  *   algorithm can serve as a means of providing a
      26             :  *   "fingerprint" for a message.
      27             :  *
      28             :  * Portability Issues:
      29             :  *   SHA-384 and SHA-512 are defined in terms of 64-bit "words",
      30             :  *   but if USE_32BIT_ONLY is #defined, this code is implemented in
      31             :  *   terms of 32-bit "words".  This code uses <stdint.h> (included
      32             :  *   via "sha.h") to define the 64-, 32- and 8-bit unsigned integer
      33             :  *   types.  If your C compiler does not support 64-bit unsigned
      34             :  *   integers and you do not #define USE_32BIT_ONLY, this code is
      35             :  *   not appropriate.
      36             :  *
      37             :  * Caveats:
      38             :  *   SHA-384 and SHA-512 are designed to work with messages less
      39             :  *   than 2^128 bits long.  This implementation uses SHA384/512Input()
      40             :  *   to hash the bits that are a multiple of the size of an 8-bit
      41             :  *   octet, and then optionally uses SHA384/256FinalBits()
      42             :  *   to hash the final few bits of the input.
      43             :  *
      44             :  */
      45             : 
      46             : #include "sha.h"
      47             : 
      48             : #ifdef USE_32BIT_ONLY
      49             : /*
      50             :  * Define 64-bit arithmetic in terms of 32-bit arithmetic.
      51             :  * Each 64-bit number is represented in a 2-word array.
      52             :  * All macros are defined such that the result is the last parameter.
      53             :  */
      54             : 
      55             : /*
      56             :  * Define shift, rotate left, and rotate right functions
      57             :  */
      58             : #define SHA512_SHR(bits, word, ret) (                          \
      59             :     /* (((uint64_t)((word))) >> (bits)) */                     \
      60             :     (ret)[0] = (((bits) < 32) && ((bits) >= 0)) ?              \
      61             :       ((word)[0] >> (bits)) : 0,                               \
      62             :     (ret)[1] = ((bits) > 32) ? ((word)[0] >> ((bits) - 32)) :  \
      63             :       ((bits) == 32) ? (word)[0] :                             \
      64             :       ((bits) >= 0) ?                                          \
      65             :         (((word)[0] << (32 - (bits))) |                        \
      66             :         ((word)[1] >> (bits))) : 0 )
      67             : 
      68             : #define SHA512_SHL(bits, word, ret) (                          \
      69             :     /* (((uint64_t)(word)) << (bits)) */                       \
      70             :     (ret)[0] = ((bits) > 32) ? ((word)[1] << ((bits) - 32)) :  \
      71             :          ((bits) == 32) ? (word)[1] :                          \
      72             :          ((bits) >= 0) ?                                       \
      73             :            (((word)[0] << (bits)) |                            \
      74             :            ((word)[1] >> (32 - (bits)))) :                     \
      75             :          0,                                                    \
      76             :     (ret)[1] = (((bits) < 32) && ((bits) >= 0)) ?              \
      77             :         ((word)[1] << (bits)) : 0 )
      78             : 
      79             : /*
      80             :  * Define 64-bit OR
      81             :  */
      82             : #define SHA512_OR(word1, word2, ret) (                         \
      83             :     (ret)[0] = (word1)[0] | (word2)[0],                        \
      84             :     (ret)[1] = (word1)[1] | (word2)[1] )
      85             : 
      86             : /*
      87             :  * Define 64-bit XOR
      88             :  */
      89             : #define SHA512_XOR(word1, word2, ret) (                        \
      90             :     (ret)[0] = (word1)[0] ^ (word2)[0],                        \
      91             :     (ret)[1] = (word1)[1] ^ (word2)[1] )
      92             : 
      93             : /*
      94             :  * Define 64-bit AND
      95             :  */
      96             : #define SHA512_AND(word1, word2, ret) (                        \
      97             :     (ret)[0] = (word1)[0] & (word2)[0],                        \
      98             :     (ret)[1] = (word1)[1] & (word2)[1] )
      99             : 
     100             : /*
     101             :  * Define 64-bit TILDA
     102             :  */
     103             : #define SHA512_TILDA(word, ret)                                \
     104             :   ( (ret)[0] = ~(word)[0], (ret)[1] = ~(word)[1] )
     105             : 
     106             : /*
     107             :  * Define 64-bit ADD
     108             :  */
     109             : #define SHA512_ADD(word1, word2, ret) (                        \
     110             :     (ret)[1] = (word1)[1], (ret)[1] += (word2)[1],             \
     111             :     (ret)[0] = (word1)[0] + (word2)[0] + ((ret)[1] < (word1)[1]) )
     112             : 
     113             : /*
     114             :  * Add the 4word value in word2 to word1.
     115             :  */
     116             : static uint32_t ADDTO4_temp, ADDTO4_temp2;
     117             : #define SHA512_ADDTO4(word1, word2) (                          \
     118             :     ADDTO4_temp = (word1)[3],                                  \
     119             :     (word1)[3] += (word2)[3],                                  \
     120             :     ADDTO4_temp2 = (word1)[2],                                 \
     121             :     (word1)[2] += (word2)[2] + ((word1)[3] < ADDTO4_temp),     \
     122             :     ADDTO4_temp = (word1)[1],                                  \
     123             :     (word1)[1] += (word2)[1] + ((word1)[2] < ADDTO4_temp2),    \
     124             :     (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO4_temp) )
     125             : 
     126             : /*
     127             :  * Add the 2word value in word2 to word1.
     128             :  */
     129             : static uint32_t ADDTO2_temp;
     130             : #define SHA512_ADDTO2(word1, word2) (                          \
     131             :     ADDTO2_temp = (word1)[1],                                  \
     132             :     (word1)[1] += (word2)[1],                                  \
     133             :     (word1)[0] += (word2)[0] + ((word1)[1] < ADDTO2_temp) )
     134             : 
     135             : /*
     136             :  * SHA rotate   ((word >> bits) | (word << (64-bits)))
     137             :  */
     138             : static uint32_t ROTR_temp1[2], ROTR_temp2[2];
     139             : #define SHA512_ROTR(bits, word, ret) (                         \
     140             :     SHA512_SHR((bits), (word), ROTR_temp1),                    \
     141             :     SHA512_SHL(64-(bits), (word), ROTR_temp2),                 \
     142             :     SHA512_OR(ROTR_temp1, ROTR_temp2, (ret)) )
     143             : 
     144             : /*
     145             :  * Define the SHA SIGMA and sigma macros
     146             :  *
     147             :  *  SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word)
     148             :  */
     149             : static uint32_t SIGMA0_temp1[2], SIGMA0_temp2[2],
     150             :   SIGMA0_temp3[2], SIGMA0_temp4[2];
     151             : #define SHA512_SIGMA0(word, ret) (                             \
     152             :     SHA512_ROTR(28, (word), SIGMA0_temp1),                     \
     153             :     SHA512_ROTR(34, (word), SIGMA0_temp2),                     \
     154             :     SHA512_ROTR(39, (word), SIGMA0_temp3),                     \
     155             :     SHA512_XOR(SIGMA0_temp2, SIGMA0_temp3, SIGMA0_temp4),      \
     156             :     SHA512_XOR(SIGMA0_temp1, SIGMA0_temp4, (ret)) )
     157             : 
     158             : /*
     159             :  * SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word)
     160             :  */
     161             : static uint32_t SIGMA1_temp1[2], SIGMA1_temp2[2],
     162             :   SIGMA1_temp3[2], SIGMA1_temp4[2];
     163             : #define SHA512_SIGMA1(word, ret) (                             \
     164             :     SHA512_ROTR(14, (word), SIGMA1_temp1),                     \
     165             :     SHA512_ROTR(18, (word), SIGMA1_temp2),                     \
     166             :     SHA512_ROTR(41, (word), SIGMA1_temp3),                     \
     167             :     SHA512_XOR(SIGMA1_temp2, SIGMA1_temp3, SIGMA1_temp4),      \
     168             :     SHA512_XOR(SIGMA1_temp1, SIGMA1_temp4, (ret)) )
     169             : 
     170             : /*
     171             :  * (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word))
     172             :  */
     173             : static uint32_t sigma0_temp1[2], sigma0_temp2[2],
     174             :   sigma0_temp3[2], sigma0_temp4[2];
     175             : #define SHA512_sigma0(word, ret) (                             \
     176             :     SHA512_ROTR( 1, (word), sigma0_temp1),                     \
     177             :     SHA512_ROTR( 8, (word), sigma0_temp2),                     \
     178             :     SHA512_SHR( 7, (word), sigma0_temp3),                      \
     179             :     SHA512_XOR(sigma0_temp2, sigma0_temp3, sigma0_temp4),      \
     180             :     SHA512_XOR(sigma0_temp1, sigma0_temp4, (ret)) )
     181             : 
     182             : /*
     183             :  * (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word))
     184             :  */
     185             : static uint32_t sigma1_temp1[2], sigma1_temp2[2],
     186             :   sigma1_temp3[2], sigma1_temp4[2];
     187             : #define SHA512_sigma1(word, ret) (                             \
     188             :     SHA512_ROTR(19, (word), sigma1_temp1),                     \
     189             :     SHA512_ROTR(61, (word), sigma1_temp2),                     \
     190             :     SHA512_SHR( 6, (word), sigma1_temp3),                      \
     191             :     SHA512_XOR(sigma1_temp2, sigma1_temp3, sigma1_temp4),      \
     192             :     SHA512_XOR(sigma1_temp1, sigma1_temp4, (ret)) )
     193             : 
     194             : #ifndef USE_MODIFIED_MACROS
     195             : /*
     196             :  * These definitions are the ones used in FIPS 180-3, section 4.1.3
     197             :  *  Ch(x,y,z)   ((x & y) ^ (~x & z))
     198             :  */
     199             : static uint32_t Ch_temp1[2], Ch_temp2[2], Ch_temp3[2];
     200             : #define SHA_Ch(x, y, z, ret) (                                 \
     201             :     SHA512_AND(x, y, Ch_temp1),                                \
     202             :     SHA512_TILDA(x, Ch_temp2),                                 \
     203             :     SHA512_AND(Ch_temp2, z, Ch_temp3),                         \
     204             :     SHA512_XOR(Ch_temp1, Ch_temp3, (ret)) )
     205             : 
     206             : /*
     207             :  *  Maj(x,y,z)  (((x)&(y)) ^ ((x)&(z)) ^ ((y)&(z)))
     208             :  */
     209             : static uint32_t Maj_temp1[2], Maj_temp2[2],
     210             :   Maj_temp3[2], Maj_temp4[2];
     211             : #define SHA_Maj(x, y, z, ret) (                                \
     212             :     SHA512_AND(x, y, Maj_temp1),                               \
     213             :     SHA512_AND(x, z, Maj_temp2),                               \
     214             :     SHA512_AND(y, z, Maj_temp3),                               \
     215             :     SHA512_XOR(Maj_temp2, Maj_temp3, Maj_temp4),               \
     216             :     SHA512_XOR(Maj_temp1, Maj_temp4, (ret)) )
     217             : #else /* !USE_MODIFIED_MACROS */
     218             : /*
     219             :  * These definitions are potentially faster equivalents for the ones
     220             :  * used in FIPS 180-3, section 4.1.3.
     221             :  *   ((x & y) ^ (~x & z)) becomes
     222             :  *   ((x & (y ^ z)) ^ z)
     223             :  */
     224             : #define SHA_Ch(x, y, z, ret) (                                 \
     225             :    (ret)[0] = (((x)[0] & ((y)[0] ^ (z)[0])) ^ (z)[0]),         \
     226             :    (ret)[1] = (((x)[1] & ((y)[1] ^ (z)[1])) ^ (z)[1]) )
     227             : 
     228             : /*
     229             :  *   ((x & y) ^ (x & z) ^ (y & z)) becomes
     230             :  *   ((x & (y | z)) | (y & z))
     231             :  */
     232             : #define SHA_Maj(x, y, z, ret) (                                 \
     233             :    ret[0] = (((x)[0] & ((y)[0] | (z)[0])) | ((y)[0] & (z)[0])), \
     234             :    ret[1] = (((x)[1] & ((y)[1] | (z)[1])) | ((y)[1] & (z)[1])) )
     235             : #endif /* USE_MODIFIED_MACROS */
     236             : 
     237             : /*
     238             :  * Add "length" to the length.
     239             :  * Set Corrupted when overflow has occurred.
     240             :  */
     241             : static uint32_t addTemp[4] = { 0, 0, 0, 0 };
     242             : #define SHA384_512AddLength(context, length) (                        \
     243             :     addTemp[3] = (length), SHA512_ADDTO4((context)->Length, addTemp), \
     244             :     (context)->Corrupted = (((context)->Length[3] < (length)) &&      \
     245             :        ((context)->Length[2] == 0) && ((context)->Length[1] == 0) &&  \
     246             :        ((context)->Length[0] == 0)) ? shaInputTooLong :               \
     247             :                                       (context)->Corrupted )
     248             : 
     249             : /* Local Function Prototypes */
     250             : static int SHA384_512Reset(SHA512Context *context,
     251             :                            uint32_t H0[SHA512HashSize/4]);
     252             : static void SHA384_512ProcessMessageBlock(SHA512Context *context);
     253             : static void SHA384_512Finalize(SHA512Context *context,
     254             :   uint8_t Pad_Byte);
     255             : static void SHA384_512PadMessage(SHA512Context *context,
     256             :   uint8_t Pad_Byte);
     257             : static int SHA384_512ResultN( SHA512Context *context,
     258             :   uint8_t Message_Digest[ ], int HashSize);
     259             : 
     260             : /* Initial Hash Values: FIPS 180-3 sections 5.3.4 and 5.3.5 */
     261             : static uint32_t SHA384_H0[SHA512HashSize/4] = {
     262             :     0xCBBB9D5D, 0xC1059ED8, 0x629A292A, 0x367CD507, 0x9159015A,
     263             :     0x3070DD17, 0x152FECD8, 0xF70E5939, 0x67332667, 0xFFC00B31,
     264             :     0x8EB44A87, 0x68581511, 0xDB0C2E0D, 0x64F98FA7, 0x47B5481D,
     265             :     0xBEFA4FA4
     266             : };
     267             : static uint32_t SHA512_H0[SHA512HashSize/4] = {
     268             :     0x6A09E667, 0xF3BCC908, 0xBB67AE85, 0x84CAA73B, 0x3C6EF372,
     269             :     0xFE94F82B, 0xA54FF53A, 0x5F1D36F1, 0x510E527F, 0xADE682D1,
     270             :     0x9B05688C, 0x2B3E6C1F, 0x1F83D9AB, 0xFB41BD6B, 0x5BE0CD19,
     271             :     0x137E2179
     272             : };
     273             : 
     274             : #else /* !USE_32BIT_ONLY */
     275             : 
     276             : #include "sha-private.h"
     277             : 
     278             : /* Define the SHA shift, rotate left and rotate right macros */
     279             : #define SHA512_SHR(bits,word)  (((uint64_t)(word)) >> (bits))
     280             : #define SHA512_ROTR(bits,word) ((((uint64_t)(word)) >> (bits)) | \
     281             :                                 (((uint64_t)(word)) << (64-(bits))))
     282             : 
     283             : /*
     284             :  * Define the SHA SIGMA and sigma macros
     285             :  *
     286             :  *  SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word)
     287             :  */
     288             : #define SHA512_SIGMA0(word)   \
     289             :  (SHA512_ROTR(28,word) ^ SHA512_ROTR(34,word) ^ SHA512_ROTR(39,word))
     290             : #define SHA512_SIGMA1(word)   \
     291             :  (SHA512_ROTR(14,word) ^ SHA512_ROTR(18,word) ^ SHA512_ROTR(41,word))
     292             : #define SHA512_sigma0(word)   \
     293             :  (SHA512_ROTR( 1,word) ^ SHA512_ROTR( 8,word) ^ SHA512_SHR( 7,word))
     294             : #define SHA512_sigma1(word)   \
     295             :  (SHA512_ROTR(19,word) ^ SHA512_ROTR(61,word) ^ SHA512_SHR( 6,word))
     296             : 
     297             : /*
     298             :  * Add "length" to the length.
     299             :  * Set Corrupted when overflow has occurred.
     300             :  */
     301             : static uint64_t addTemp;
     302             : #define SHA384_512AddLength(context, length)                   \
     303             :    (addTemp = context->Length_Low, context->Corrupted =        \
     304             :     ((context->Length_Low += length) < addTemp) &&             \
     305             :     (++context->Length_High == 0) ? shaInputTooLong :          \
     306             :                                     (context)->Corrupted)
     307             : 
     308             : /* Local Function Prototypes */
     309             : static int SHA384_512Reset(SHA512Context *context,
     310             :                            uint64_t H0[SHA512HashSize/8]);
     311             : static void SHA384_512ProcessMessageBlock(SHA512Context *context);
     312             : static void SHA384_512Finalize(SHA512Context *context,
     313             :   uint8_t Pad_Byte);
     314             : static void SHA384_512PadMessage(SHA512Context *context,
     315             :   uint8_t Pad_Byte);
     316             : static int SHA384_512ResultN(SHA512Context *context,
     317             :   uint8_t Message_Digest[ ], int HashSize);
     318             : 
     319             : /* Initial Hash Values: FIPS 180-3 sections 5.3.4 and 5.3.5 */
     320             : static uint64_t SHA384_H0[ ] = {
     321             :     0xCBBB9D5DC1059ED8ll, 0x629A292A367CD507ll, 0x9159015A3070DD17ll,
     322             :     0x152FECD8F70E5939ll, 0x67332667FFC00B31ll, 0x8EB44A8768581511ll,
     323             :     0xDB0C2E0D64F98FA7ll, 0x47B5481DBEFA4FA4ll
     324             : };
     325             : static uint64_t SHA512_H0[ ] = {
     326             :     0x6A09E667F3BCC908ll, 0xBB67AE8584CAA73Bll, 0x3C6EF372FE94F82Bll,
     327             :     0xA54FF53A5F1D36F1ll, 0x510E527FADE682D1ll, 0x9B05688C2B3E6C1Fll,
     328             :     0x1F83D9ABFB41BD6Bll, 0x5BE0CD19137E2179ll
     329             : };
     330             : 
     331             : #endif /* USE_32BIT_ONLY */
     332             : 
     333             : /*
     334             :  * SHA384Reset
     335             :  *
     336             :  * Description:
     337             :  *   This function will initialize the SHA384Context in preparation
     338             :  *   for computing a new SHA384 message digest.
     339             :  *
     340             :  * Parameters:
     341             :  *   context: [in/out]
     342             :  *     The context to reset.
     343             :  *
     344             :  * Returns:
     345             :  *   sha Error Code.
     346             :  *
     347             :  */
     348           1 : int SHA384Reset(SHA384Context *context)
     349             : {
     350           1 :   return SHA384_512Reset(context, SHA384_H0);
     351             : }
     352             : 
     353             : /*
     354             :  * SHA384Input
     355             :  *
     356             :  * Description:
     357             :  *   This function accepts an array of octets as the next portion
     358             :  *   of the message.
     359             :  *
     360             :  * Parameters:
     361             :  *   context: [in/out]
     362             :  *     The SHA context to update.
     363             :  *   message_array[ ]: [in]
     364             :  *     An array of octets representing the next portion of
     365             :  *     the message.
     366             :  *   length: [in]
     367             :  *     The length of the message in message_array.
     368             :  *
     369             :  * Returns:
     370             :  *   sha Error Code.
     371             :  *
     372             :  */
     373           1 : int SHA384Input(SHA384Context *context,
     374             :     const uint8_t *message_array, unsigned int length)
     375             : {
     376           1 :   return SHA512Input(context, message_array, length);
     377             : }
     378             : 
     379             : /*
     380             :  * SHA384FinalBits
     381             :  *
     382             :  * Description:
     383             :  *   This function will add in any final bits of the message.
     384             :  *
     385             :  * Parameters:
     386             :  *   context: [in/out]
     387             :  *     The SHA context to update.
     388             :  *   message_bits: [in]
     389             :  *     The final bits of the message, in the upper portion of the
     390             :  *     byte.  (Use 0b###00000 instead of 0b00000### to input the
     391             :  *     three bits ###.)
     392             :  *   length: [in]
     393             :  *     The number of bits in message_bits, between 1 and 7.
     394             :  *
     395             :  * Returns:
     396             :  *   sha Error Code.
     397             :  *
     398             :  */
     399           0 : int SHA384FinalBits(SHA384Context *context,
     400             :                     uint8_t message_bits, unsigned int length)
     401             : {
     402           0 :   return SHA512FinalBits(context, message_bits, length);
     403             : }
     404             : 
     405             : /*
     406             :  * SHA384Result
     407             :  *
     408             :  * Description:
     409             :  *   This function will return the 384-bit message digest
     410             :  *   into the Message_Digest array provided by the caller.
     411             :  *   NOTE:
     412             :  *    The first octet of hash is stored in the element with index 0,
     413             :  *    the last octet of hash in the element with index 47.
     414             :  *
     415             :  * Parameters:
     416             :  *   context: [in/out]
     417             :  *     The context to use to calculate the SHA hash.
     418             :  *   Message_Digest[ ]: [out]
     419             :  *     Where the digest is returned.
     420             :  *
     421             :  * Returns:
     422             :  *   sha Error Code.
     423             :  *
     424             :  */
     425           1 : int SHA384Result(SHA384Context *context,
     426             :     uint8_t Message_Digest[SHA384HashSize])
     427             : {
     428           1 :   return SHA384_512ResultN(context, Message_Digest, SHA384HashSize);
     429             : }
     430             : 
     431             : /*
     432             :  * SHA512Reset
     433             :  *
     434             :  * Description:
     435             :  *   This function will initialize the SHA512Context in preparation
     436             :  *   for computing a new SHA512 message digest.
     437             :  *
     438             :  * Parameters:
     439             :  *   context: [in/out]
     440             :  *     The context to reset.
     441             :  *
     442             :  * Returns:
     443             :  *   sha Error Code.
     444             :  *
     445             :  */
     446         680 : int SHA512Reset(SHA512Context *context)
     447             : {
     448         680 :   return SHA384_512Reset(context, SHA512_H0);
     449             : }
     450             : 
     451             : /*
     452             :  * SHA512Input
     453             :  *
     454             :  * Description:
     455             :  *   This function accepts an array of octets as the next portion
     456             :  *   of the message.
     457             :  *
     458             :  * Parameters:
     459             :  *   context: [in/out]
     460             :  *     The SHA context to update.
     461             :  *   message_array[ ]: [in]
     462             :  *     An array of octets representing the next portion of
     463             :  *     the message.
     464             :  *   length: [in]
     465             :  *     The length of the message in message_array.
     466             :  *
     467             :  * Returns:
     468             :  *   sha Error Code.
     469             :  *
     470             :  */
     471         843 : int SHA512Input(SHA512Context *context,
     472             :         const uint8_t *message_array,
     473             :         unsigned int length)
     474             : {
     475         843 :   if (!context) return shaNull;
     476         843 :   if (!length) return shaSuccess;
     477         843 :   if (!message_array) return shaNull;
     478         843 :   if (context->Computed) return context->Corrupted = shaStateError;
     479         843 :   if (context->Corrupted) return context->Corrupted;
     480             : 
     481       26644 :   while (length--) {
     482       25801 :     context->Message_Block[context->Message_Block_Index++] =
     483       25801 :             *message_array;
     484             : 
     485       25801 :     if ((SHA384_512AddLength(context, 8) == shaSuccess) &&
     486             :       (context->Message_Block_Index == SHA512_Message_Block_Size))
     487         162 :       SHA384_512ProcessMessageBlock(context);
     488             : 
     489       25801 :     message_array++;
     490             :   }
     491             : 
     492         843 :   return context->Corrupted;
     493             : }
     494             : 
     495             : /*
     496             :  * SHA512FinalBits
     497             :  *
     498             :  * Description:
     499             :  *   This function will add in any final bits of the message.
     500             :  *
     501             :  * Parameters:
     502             :  *   context: [in/out]
     503             :  *     The SHA context to update.
     504             :  *   message_bits: [in]
     505             :  *     The final bits of the message, in the upper portion of the
     506             :  *     byte.  (Use 0b###00000 instead of 0b00000### to input the
     507             :  *     three bits ###.)
     508             :  *   length: [in]
     509             :  *     The number of bits in message_bits, between 1 and 7.
     510             :  *
     511             :  * Returns:
     512             :  *   sha Error Code.
     513             :  *
     514             :  */
     515           0 : int SHA512FinalBits(SHA512Context *context,
     516             :                     uint8_t message_bits, unsigned int length)
     517             : {
     518             :   static uint8_t masks[8] = {
     519             :       /* 0 0b00000000 */ 0x00, /* 1 0b10000000 */ 0x80,
     520             :       /* 2 0b11000000 */ 0xC0, /* 3 0b11100000 */ 0xE0,
     521             :       /* 4 0b11110000 */ 0xF0, /* 5 0b11111000 */ 0xF8,
     522             :       /* 6 0b11111100 */ 0xFC, /* 7 0b11111110 */ 0xFE
     523             :   };
     524             :   static uint8_t markbit[8] = {
     525             :       /* 0 0b10000000 */ 0x80, /* 1 0b01000000 */ 0x40,
     526             :       /* 2 0b00100000 */ 0x20, /* 3 0b00010000 */ 0x10,
     527             :       /* 4 0b00001000 */ 0x08, /* 5 0b00000100 */ 0x04,
     528             :       /* 6 0b00000010 */ 0x02, /* 7 0b00000001 */ 0x01
     529             :   };
     530             : 
     531           0 :   if (!context) return shaNull;
     532           0 :   if (!length) return shaSuccess;
     533           0 :   if (context->Corrupted) return context->Corrupted;
     534           0 :   if (context->Computed) return context->Corrupted = shaStateError;
     535           0 :   if (length >= 8) return context->Corrupted = shaBadParam;
     536             : 
     537           0 :   SHA384_512AddLength(context, length);
     538           0 :   SHA384_512Finalize(context, (uint8_t)
     539           0 :     ((message_bits & masks[length]) | markbit[length]));
     540             : 
     541           0 :   return context->Corrupted;
     542             : }
     543             : 
     544             : /*
     545             :  * SHA512Result
     546             :  *
     547             :  * Description:
     548             :  *   This function will return the 512-bit message digest
     549             :  *   into the Message_Digest array provided by the caller.
     550             :  *   NOTE:
     551             :  *    The first octet of hash is stored in the element with index 0,
     552             :  *    the last octet of hash in the element with index 63.
     553             :  *
     554             :  * Parameters:
     555             :  *   context: [in/out]
     556             :  *     The context to use to calculate the SHA hash.
     557             :  *   Message_Digest[ ]: [out]
     558             :  *     Where the digest is returned.
     559             :  *
     560             :  * Returns:
     561             :  *   sha Error Code.
     562             :  *
     563             :  */
     564         680 : int SHA512Result(SHA512Context *context,
     565             :     uint8_t Message_Digest[SHA512HashSize])
     566             : {
     567         680 :   return SHA384_512ResultN(context, Message_Digest, SHA512HashSize);
     568             : }
     569             : 
     570             : /*
     571             :  * SHA384_512Reset
     572             :  *
     573             :  * Description:
     574             :  *   This helper function will initialize the SHA512Context in
     575             :  *   preparation for computing a new SHA384 or SHA512 message
     576             :  *   digest.
     577             :  *
     578             :  * Parameters:
     579             :  *   context: [in/out]
     580             :  *     The context to reset.
     581             :  *   H0[ ]: [in]
     582             :  *     The initial hash value array to use.
     583             :  *
     584             :  * Returns:
     585             :  *   sha Error Code.
     586             :  *
     587             :  */
     588             : #ifdef USE_32BIT_ONLY
     589             : static int SHA384_512Reset(SHA512Context *context,
     590             :                            uint32_t H0[SHA512HashSize/4])
     591             : #else /* !USE_32BIT_ONLY */
     592         681 : static int SHA384_512Reset(SHA512Context *context,
     593             :                            uint64_t H0[SHA512HashSize/8])
     594             : #endif /* USE_32BIT_ONLY */
     595             : {
     596             :   int i;
     597         681 :   if (!context) return shaNull;
     598             : 
     599         681 :   context->Message_Block_Index = 0;
     600             : 
     601             : #ifdef USE_32BIT_ONLY
     602             :   context->Length[0] = context->Length[1] =
     603             :   context->Length[2] = context->Length[3] = 0;
     604             : 
     605             :   for (i = 0; i < SHA512HashSize/4; i++)
     606             :     context->Intermediate_Hash[i] = H0[i];
     607             : #else /* !USE_32BIT_ONLY */
     608         681 :   context->Length_High = context->Length_Low = 0;
     609             : 
     610        6129 :   for (i = 0; i < SHA512HashSize/8; i++)
     611        5448 :     context->Intermediate_Hash[i] = H0[i];
     612             : #endif /* USE_32BIT_ONLY */
     613             : 
     614         681 :   context->Computed = 0;
     615         681 :   context->Corrupted = shaSuccess;
     616             : 
     617         681 :   return shaSuccess;
     618             : }
     619             : 
     620             : /*
     621             :  * SHA384_512ProcessMessageBlock
     622             :  *
     623             :  * Description:
     624             :  *   This helper function will process the next 1024 bits of the
     625             :  *   message stored in the Message_Block array.
     626             :  *
     627             :  * Parameters:
     628             :  *   context: [in/out]
     629             :  *     The SHA context to update.
     630             :  *
     631             :  * Returns:
     632             :  *   Nothing.
     633             :  *
     634             :  * Comments:
     635             :  *   Many of the variable names in this code, especially the
     636             :  *   single character names, were used because those were the
     637             :  *   names used in the Secure Hash Standard.
     638             :  *
     639             :  *
     640             :  */
     641         843 : static void SHA384_512ProcessMessageBlock(SHA512Context *context)
     642             : {
     643             : #ifdef USE_32BIT_ONLY
     644             :   /* Constants defined in FIPS 180-3, section 4.2.3 */
     645             :   static const uint32_t K[80*2] = {
     646             :       0x428A2F98, 0xD728AE22, 0x71374491, 0x23EF65CD, 0xB5C0FBCF,
     647             :       0xEC4D3B2F, 0xE9B5DBA5, 0x8189DBBC, 0x3956C25B, 0xF348B538,
     648             :       0x59F111F1, 0xB605D019, 0x923F82A4, 0xAF194F9B, 0xAB1C5ED5,
     649             :       0xDA6D8118, 0xD807AA98, 0xA3030242, 0x12835B01, 0x45706FBE,
     650             :       0x243185BE, 0x4EE4B28C, 0x550C7DC3, 0xD5FFB4E2, 0x72BE5D74,
     651             :       0xF27B896F, 0x80DEB1FE, 0x3B1696B1, 0x9BDC06A7, 0x25C71235,
     652             :       0xC19BF174, 0xCF692694, 0xE49B69C1, 0x9EF14AD2, 0xEFBE4786,
     653             :       0x384F25E3, 0x0FC19DC6, 0x8B8CD5B5, 0x240CA1CC, 0x77AC9C65,
     654             :       0x2DE92C6F, 0x592B0275, 0x4A7484AA, 0x6EA6E483, 0x5CB0A9DC,
     655             :       0xBD41FBD4, 0x76F988DA, 0x831153B5, 0x983E5152, 0xEE66DFAB,
     656             :       0xA831C66D, 0x2DB43210, 0xB00327C8, 0x98FB213F, 0xBF597FC7,
     657             :       0xBEEF0EE4, 0xC6E00BF3, 0x3DA88FC2, 0xD5A79147, 0x930AA725,
     658             :       0x06CA6351, 0xE003826F, 0x14292967, 0x0A0E6E70, 0x27B70A85,
     659             :       0x46D22FFC, 0x2E1B2138, 0x5C26C926, 0x4D2C6DFC, 0x5AC42AED,
     660             :       0x53380D13, 0x9D95B3DF, 0x650A7354, 0x8BAF63DE, 0x766A0ABB,
     661             :       0x3C77B2A8, 0x81C2C92E, 0x47EDAEE6, 0x92722C85, 0x1482353B,
     662             :       0xA2BFE8A1, 0x4CF10364, 0xA81A664B, 0xBC423001, 0xC24B8B70,
     663             :       0xD0F89791, 0xC76C51A3, 0x0654BE30, 0xD192E819, 0xD6EF5218,
     664             :       0xD6990624, 0x5565A910, 0xF40E3585, 0x5771202A, 0x106AA070,
     665             :       0x32BBD1B8, 0x19A4C116, 0xB8D2D0C8, 0x1E376C08, 0x5141AB53,
     666             :       0x2748774C, 0xDF8EEB99, 0x34B0BCB5, 0xE19B48A8, 0x391C0CB3,
     667             :       0xC5C95A63, 0x4ED8AA4A, 0xE3418ACB, 0x5B9CCA4F, 0x7763E373,
     668             :       0x682E6FF3, 0xD6B2B8A3, 0x748F82EE, 0x5DEFB2FC, 0x78A5636F,
     669             :       0x43172F60, 0x84C87814, 0xA1F0AB72, 0x8CC70208, 0x1A6439EC,
     670             :       0x90BEFFFA, 0x23631E28, 0xA4506CEB, 0xDE82BDE9, 0xBEF9A3F7,
     671             :       0xB2C67915, 0xC67178F2, 0xE372532B, 0xCA273ECE, 0xEA26619C,
     672             :       0xD186B8C7, 0x21C0C207, 0xEADA7DD6, 0xCDE0EB1E, 0xF57D4F7F,
     673             :       0xEE6ED178, 0x06F067AA, 0x72176FBA, 0x0A637DC5, 0xA2C898A6,
     674             :       0x113F9804, 0xBEF90DAE, 0x1B710B35, 0x131C471B, 0x28DB77F5,
     675             :       0x23047D84, 0x32CAAB7B, 0x40C72493, 0x3C9EBE0A, 0x15C9BEBC,
     676             :       0x431D67C4, 0x9C100D4C, 0x4CC5D4BE, 0xCB3E42B6, 0x597F299C,
     677             :       0xFC657E2A, 0x5FCB6FAB, 0x3AD6FAEC, 0x6C44198C, 0x4A475817
     678             :   };
     679             :   int     t, t2, t8;                  /* Loop counter */
     680             :   uint32_t  temp1[2], temp2[2],       /* Temporary word values */
     681             :         temp3[2], temp4[2], temp5[2];
     682             :   uint32_t  W[2*80];                  /* Word sequence */
     683             :   uint32_t  A[2], B[2], C[2], D[2],   /* Word buffers */
     684             :         E[2], F[2], G[2], H[2];
     685             : 
     686             :   /* Initialize the first 16 words in the array W */
     687             :   for (t = t2 = t8 = 0; t < 16; t++, t8 += 8) {
     688             :     W[t2++] = ((((uint32_t)context->Message_Block[t8    ])) << 24) |
     689             :               ((((uint32_t)context->Message_Block[t8 + 1])) << 16) |
     690             :               ((((uint32_t)context->Message_Block[t8 + 2])) << 8) |
     691             :               ((((uint32_t)context->Message_Block[t8 + 3])));
     692             :     W[t2++] = ((((uint32_t)context->Message_Block[t8 + 4])) << 24) |
     693             :               ((((uint32_t)context->Message_Block[t8 + 5])) << 16) |
     694             :               ((((uint32_t)context->Message_Block[t8 + 6])) << 8) |
     695             :               ((((uint32_t)context->Message_Block[t8 + 7])));
     696             :   }
     697             : 
     698             :   for (t = 16; t < 80; t++, t2 += 2) {
     699             :     /* W[t] = SHA512_sigma1(W[t-2]) + W[t-7] +
     700             :       SHA512_sigma0(W[t-15]) + W[t-16]; */
     701             :     uint32_t *Wt2 = &W[t2-2*2];
     702             :     uint32_t *Wt7 = &W[t2-7*2];
     703             :     uint32_t *Wt15 = &W[t2-15*2];
     704             :     uint32_t *Wt16 = &W[t2-16*2];
     705             :     SHA512_sigma1(Wt2, temp1);
     706             :     SHA512_ADD(temp1, Wt7, temp2);
     707             :     SHA512_sigma0(Wt15, temp1);
     708             :     SHA512_ADD(temp1, Wt16, temp3);
     709             :     SHA512_ADD(temp2, temp3, &W[t2]);
     710             :   }
     711             : 
     712             :   A[0] = context->Intermediate_Hash[0];
     713             :   A[1] = context->Intermediate_Hash[1];
     714             :   B[0] = context->Intermediate_Hash[2];
     715             :   B[1] = context->Intermediate_Hash[3];
     716             :   C[0] = context->Intermediate_Hash[4];
     717             :   C[1] = context->Intermediate_Hash[5];
     718             :   D[0] = context->Intermediate_Hash[6];
     719             :   D[1] = context->Intermediate_Hash[7];
     720             :   E[0] = context->Intermediate_Hash[8];
     721             :   E[1] = context->Intermediate_Hash[9];
     722             :   F[0] = context->Intermediate_Hash[10];
     723             :   F[1] = context->Intermediate_Hash[11];
     724             :   G[0] = context->Intermediate_Hash[12];
     725             :   G[1] = context->Intermediate_Hash[13];
     726             :   H[0] = context->Intermediate_Hash[14];
     727             :   H[1] = context->Intermediate_Hash[15];
     728             : 
     729             :   for (t = t2 = 0; t < 80; t++, t2 += 2) {
     730             :     /*
     731             :      * temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
     732             :      */
     733             :     SHA512_SIGMA1(E,temp1);
     734             :     SHA512_ADD(H, temp1, temp2);
     735             :     SHA_Ch(E,F,G,temp3);
     736             :     SHA512_ADD(temp2, temp3, temp4);
     737             :     SHA512_ADD(&K[t2], &W[t2], temp5);
     738             :     SHA512_ADD(temp4, temp5, temp1);
     739             :     /*
     740             :      * temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C);
     741             :      */
     742             :     SHA512_SIGMA0(A,temp3);
     743             :     SHA_Maj(A,B,C,temp4);
     744             :     SHA512_ADD(temp3, temp4, temp2);
     745             :     H[0] = G[0]; H[1] = G[1];
     746             :     G[0] = F[0]; G[1] = F[1];
     747             :     F[0] = E[0]; F[1] = E[1];
     748             :     SHA512_ADD(D, temp1, E);
     749             :     D[0] = C[0]; D[1] = C[1];
     750             :     C[0] = B[0]; C[1] = B[1];
     751             :     B[0] = A[0]; B[1] = A[1];
     752             :     SHA512_ADD(temp1, temp2, A);
     753             :   }
     754             : 
     755             :   SHA512_ADDTO2(&context->Intermediate_Hash[0], A);
     756             :   SHA512_ADDTO2(&context->Intermediate_Hash[2], B);
     757             :   SHA512_ADDTO2(&context->Intermediate_Hash[4], C);
     758             :   SHA512_ADDTO2(&context->Intermediate_Hash[6], D);
     759             :   SHA512_ADDTO2(&context->Intermediate_Hash[8], E);
     760             :   SHA512_ADDTO2(&context->Intermediate_Hash[10], F);
     761             :   SHA512_ADDTO2(&context->Intermediate_Hash[12], G);
     762             :   SHA512_ADDTO2(&context->Intermediate_Hash[14], H);
     763             : 
     764             : #else /* !USE_32BIT_ONLY */
     765             :   /* Constants defined in FIPS 180-3, section 4.2.3 */
     766             :   static const uint64_t K[80] = {
     767             :       0x428A2F98D728AE22ll, 0x7137449123EF65CDll, 0xB5C0FBCFEC4D3B2Fll,
     768             :       0xE9B5DBA58189DBBCll, 0x3956C25BF348B538ll, 0x59F111F1B605D019ll,
     769             :       0x923F82A4AF194F9Bll, 0xAB1C5ED5DA6D8118ll, 0xD807AA98A3030242ll,
     770             :       0x12835B0145706FBEll, 0x243185BE4EE4B28Cll, 0x550C7DC3D5FFB4E2ll,
     771             :       0x72BE5D74F27B896Fll, 0x80DEB1FE3B1696B1ll, 0x9BDC06A725C71235ll,
     772             :       0xC19BF174CF692694ll, 0xE49B69C19EF14AD2ll, 0xEFBE4786384F25E3ll,
     773             :       0x0FC19DC68B8CD5B5ll, 0x240CA1CC77AC9C65ll, 0x2DE92C6F592B0275ll,
     774             :       0x4A7484AA6EA6E483ll, 0x5CB0A9DCBD41FBD4ll, 0x76F988DA831153B5ll,
     775             :       0x983E5152EE66DFABll, 0xA831C66D2DB43210ll, 0xB00327C898FB213Fll,
     776             :       0xBF597FC7BEEF0EE4ll, 0xC6E00BF33DA88FC2ll, 0xD5A79147930AA725ll,
     777             :       0x06CA6351E003826Fll, 0x142929670A0E6E70ll, 0x27B70A8546D22FFCll,
     778             :       0x2E1B21385C26C926ll, 0x4D2C6DFC5AC42AEDll, 0x53380D139D95B3DFll,
     779             :       0x650A73548BAF63DEll, 0x766A0ABB3C77B2A8ll, 0x81C2C92E47EDAEE6ll,
     780             :       0x92722C851482353Bll, 0xA2BFE8A14CF10364ll, 0xA81A664BBC423001ll,
     781             :       0xC24B8B70D0F89791ll, 0xC76C51A30654BE30ll, 0xD192E819D6EF5218ll,
     782             :       0xD69906245565A910ll, 0xF40E35855771202All, 0x106AA07032BBD1B8ll,
     783             :       0x19A4C116B8D2D0C8ll, 0x1E376C085141AB53ll, 0x2748774CDF8EEB99ll,
     784             :       0x34B0BCB5E19B48A8ll, 0x391C0CB3C5C95A63ll, 0x4ED8AA4AE3418ACBll,
     785             :       0x5B9CCA4F7763E373ll, 0x682E6FF3D6B2B8A3ll, 0x748F82EE5DEFB2FCll,
     786             :       0x78A5636F43172F60ll, 0x84C87814A1F0AB72ll, 0x8CC702081A6439ECll,
     787             :       0x90BEFFFA23631E28ll, 0xA4506CEBDE82BDE9ll, 0xBEF9A3F7B2C67915ll,
     788             :       0xC67178F2E372532Bll, 0xCA273ECEEA26619Cll, 0xD186B8C721C0C207ll,
     789             :       0xEADA7DD6CDE0EB1Ell, 0xF57D4F7FEE6ED178ll, 0x06F067AA72176FBAll,
     790             :       0x0A637DC5A2C898A6ll, 0x113F9804BEF90DAEll, 0x1B710B35131C471Bll,
     791             :       0x28DB77F523047D84ll, 0x32CAAB7B40C72493ll, 0x3C9EBE0A15C9BEBCll,
     792             :       0x431D67C49C100D4Cll, 0x4CC5D4BECB3E42B6ll, 0x597F299CFC657E2All,
     793             :       0x5FCB6FAB3AD6FAECll, 0x6C44198C4A475817ll
     794             :   };
     795             :   int        t, t8;                   /* Loop counter */
     796             :   uint64_t   temp1, temp2;            /* Temporary word value */
     797             :   uint64_t   W[80];                   /* Word sequence */
     798             :   uint64_t   A, B, C, D, E, F, G, H;  /* Word buffers */
     799             : 
     800             :   /*
     801             :    * Initialize the first 16 words in the array W
     802             :    */
     803       14331 :   for (t = t8 = 0; t < 16; t++, t8 += 8)
     804       13488 :     W[t] = ((uint64_t)(context->Message_Block[t8  ]) << 56) |
     805       13488 :            ((uint64_t)(context->Message_Block[t8 + 1]) << 48) |
     806       13488 :            ((uint64_t)(context->Message_Block[t8 + 2]) << 40) |
     807       13488 :            ((uint64_t)(context->Message_Block[t8 + 3]) << 32) |
     808       13488 :            ((uint64_t)(context->Message_Block[t8 + 4]) << 24) |
     809       13488 :            ((uint64_t)(context->Message_Block[t8 + 5]) << 16) |
     810       13488 :            ((uint64_t)(context->Message_Block[t8 + 6]) << 8) |
     811       13488 :            ((uint64_t)(context->Message_Block[t8 + 7]));
     812             : 
     813       54795 :   for (t = 16; t < 80; t++)
     814       53952 :     W[t] = SHA512_sigma1(W[t-2]) + W[t-7] +
     815       53952 :         SHA512_sigma0(W[t-15]) + W[t-16];
     816         843 :   A = context->Intermediate_Hash[0];
     817         843 :   B = context->Intermediate_Hash[1];
     818         843 :   C = context->Intermediate_Hash[2];
     819         843 :   D = context->Intermediate_Hash[3];
     820         843 :   E = context->Intermediate_Hash[4];
     821         843 :   F = context->Intermediate_Hash[5];
     822         843 :   G = context->Intermediate_Hash[6];
     823         843 :   H = context->Intermediate_Hash[7];
     824             : 
     825       68283 :   for (t = 0; t < 80; t++) {
     826       67440 :     temp1 = H + SHA512_SIGMA1(E) + SHA_Ch(E,F,G) + K[t] + W[t];
     827       67440 :     temp2 = SHA512_SIGMA0(A) + SHA_Maj(A,B,C);
     828             :     H = G;
     829             :     G = F;
     830             :     F = E;
     831       67440 :     E = D + temp1;
     832             :     D = C;
     833             :     C = B;
     834             :     B = A;
     835       67440 :     A = temp1 + temp2;
     836             :   }
     837             : 
     838         843 :   context->Intermediate_Hash[0] += A;
     839         843 :   context->Intermediate_Hash[1] += B;
     840         843 :   context->Intermediate_Hash[2] += C;
     841         843 :   context->Intermediate_Hash[3] += D;
     842         843 :   context->Intermediate_Hash[4] += E;
     843         843 :   context->Intermediate_Hash[5] += F;
     844         843 :   context->Intermediate_Hash[6] += G;
     845         843 :   context->Intermediate_Hash[7] += H;
     846             : #endif /* USE_32BIT_ONLY */
     847             : 
     848         843 :   context->Message_Block_Index = 0;
     849         843 : }
     850             : 
     851             : /*
     852             :  * SHA384_512Finalize
     853             :  *
     854             :  * Description:
     855             :  *   This helper function finishes off the digest calculations.
     856             :  *
     857             :  * Parameters:
     858             :  *   context: [in/out]
     859             :  *     The SHA context to update.
     860             :  *   Pad_Byte: [in]
     861             :  *     The last byte to add to the message block before the 0-padding
     862             :  *     and length.  This will contain the last bits of the message
     863             :  *     followed by another single bit.  If the message was an
     864             :  *     exact multiple of 8-bits long, Pad_Byte will be 0x80.
     865             :  *
     866             :  * Returns:
     867             :  *   sha Error Code.
     868             :  *
     869             :  */
     870         681 : static void SHA384_512Finalize(SHA512Context *context,
     871             :     uint8_t Pad_Byte)
     872             : {
     873             :   int_least16_t i;
     874         681 :   SHA384_512PadMessage(context, Pad_Byte);
     875             :   /* message may be sensitive, clear it out */
     876       87849 :   for (i = 0; i < SHA512_Message_Block_Size; ++i)
     877       87168 :     context->Message_Block[i] = 0;
     878             : #ifdef USE_32BIT_ONLY    /* and clear length */
     879             :   context->Length[0] = context->Length[1] = 0;
     880             :   context->Length[2] = context->Length[3] = 0;
     881             : #else /* !USE_32BIT_ONLY */
     882         681 :   context->Length_High = context->Length_Low = 0;
     883             : #endif /* USE_32BIT_ONLY */
     884         681 :   context->Computed = 1;
     885         681 : }
     886             : 
     887             : /*
     888             :  * SHA384_512PadMessage
     889             :  *
     890             :  * Description:
     891             :  *   According to the standard, the message must be padded to the next
     892             :  *   even multiple of 1024 bits.  The first padding bit must be a '1'.
     893             :  *   The last 128 bits represent the length of the original message.
     894             :  *   All bits in between should be 0.  This helper function will
     895             :  *   pad the message according to those rules by filling the
     896             :  *   Message_Block array accordingly.  When it returns, it can be
     897             :  *   assumed that the message digest has been computed.
     898             :  *
     899             :  * Parameters:
     900             :  *   context: [in/out]
     901             :  *     The context to pad.
     902             :  *   Pad_Byte: [in]
     903             :  *     The last byte to add to the message block before the 0-padding
     904             :  *     and length.  This will contain the last bits of the message
     905             :  *     followed by another single bit.  If the message was an
     906             :  *     exact multiple of 8-bits long, Pad_Byte will be 0x80.
     907             :  *
     908             :  * Returns:
     909             :  *   Nothing.
     910             :  *
     911             :  */
     912         681 : static void SHA384_512PadMessage(SHA512Context *context,
     913             :     uint8_t Pad_Byte)
     914             : {
     915             :   /*
     916             :    * Check to see if the current message block is too small to hold
     917             :    * the initial padding bits and length.  If so, we will pad the
     918             :    * block, process it, and then continue padding into a second
     919             :    * block.
     920             :    */
     921         681 :   if (context->Message_Block_Index >= (SHA512_Message_Block_Size-16)) {
     922           0 :     context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
     923           0 :     while (context->Message_Block_Index < SHA512_Message_Block_Size)
     924           0 :       context->Message_Block[context->Message_Block_Index++] = 0;
     925             : 
     926           0 :     SHA384_512ProcessMessageBlock(context);
     927             :   } else
     928         681 :     context->Message_Block[context->Message_Block_Index++] = Pad_Byte;
     929             : 
     930       71207 :   while (context->Message_Block_Index < (SHA512_Message_Block_Size-16))
     931       70526 :     context->Message_Block[context->Message_Block_Index++] = 0;
     932             : 
     933             :   /*
     934             :    * Store the message length as the last 16 octets
     935             :    */
     936             : #ifdef USE_32BIT_ONLY
     937             :   context->Message_Block[112] = (uint8_t)(context->Length[0] >> 24);
     938             :   context->Message_Block[113] = (uint8_t)(context->Length[0] >> 16);
     939             :   context->Message_Block[114] = (uint8_t)(context->Length[0] >> 8);
     940             :   context->Message_Block[115] = (uint8_t)(context->Length[0]);
     941             :   context->Message_Block[116] = (uint8_t)(context->Length[1] >> 24);
     942             :   context->Message_Block[117] = (uint8_t)(context->Length[1] >> 16);
     943             :   context->Message_Block[118] = (uint8_t)(context->Length[1] >> 8);
     944             :   context->Message_Block[119] = (uint8_t)(context->Length[1]);
     945             : 
     946             :   context->Message_Block[120] = (uint8_t)(context->Length[2] >> 24);
     947             :   context->Message_Block[121] = (uint8_t)(context->Length[2] >> 16);
     948             :   context->Message_Block[122] = (uint8_t)(context->Length[2] >> 8);
     949             :   context->Message_Block[123] = (uint8_t)(context->Length[2]);
     950             :   context->Message_Block[124] = (uint8_t)(context->Length[3] >> 24);
     951             :   context->Message_Block[125] = (uint8_t)(context->Length[3] >> 16);
     952             :   context->Message_Block[126] = (uint8_t)(context->Length[3] >> 8);
     953             :   context->Message_Block[127] = (uint8_t)(context->Length[3]);
     954             : #else /* !USE_32BIT_ONLY */
     955         681 :   context->Message_Block[112] = (uint8_t)(context->Length_High >> 56);
     956         681 :   context->Message_Block[113] = (uint8_t)(context->Length_High >> 48);
     957         681 :   context->Message_Block[114] = (uint8_t)(context->Length_High >> 40);
     958         681 :   context->Message_Block[115] = (uint8_t)(context->Length_High >> 32);
     959         681 :   context->Message_Block[116] = (uint8_t)(context->Length_High >> 24);
     960         681 :   context->Message_Block[117] = (uint8_t)(context->Length_High >> 16);
     961         681 :   context->Message_Block[118] = (uint8_t)(context->Length_High >> 8);
     962         681 :   context->Message_Block[119] = (uint8_t)(context->Length_High);
     963             : 
     964         681 :   context->Message_Block[120] = (uint8_t)(context->Length_Low >> 56);
     965         681 :   context->Message_Block[121] = (uint8_t)(context->Length_Low >> 48);
     966         681 :   context->Message_Block[122] = (uint8_t)(context->Length_Low >> 40);
     967         681 :   context->Message_Block[123] = (uint8_t)(context->Length_Low >> 32);
     968         681 :   context->Message_Block[124] = (uint8_t)(context->Length_Low >> 24);
     969         681 :   context->Message_Block[125] = (uint8_t)(context->Length_Low >> 16);
     970         681 :   context->Message_Block[126] = (uint8_t)(context->Length_Low >> 8);
     971         681 :   context->Message_Block[127] = (uint8_t)(context->Length_Low);
     972             : #endif /* USE_32BIT_ONLY */
     973             : 
     974         681 :   SHA384_512ProcessMessageBlock(context);
     975         681 : }
     976             : 
     977             : /*
     978             :  * SHA384_512ResultN
     979             :  *
     980             :  * Description:
     981             :  *   This helper function will return the 384-bit or 512-bit message
     982             :  *   digest into the Message_Digest array provided by the caller.
     983             :  *   NOTE:
     984             :  *    The first octet of hash is stored in the element with index 0,
     985             :  *    the last octet of hash in the element with index 47/63.
     986             :  *
     987             :  * Parameters:
     988             :  *   context: [in/out]
     989             :  *     The context to use to calculate the SHA hash.
     990             :  *   Message_Digest[ ]: [out]
     991             :  *     Where the digest is returned.
     992             :  *   HashSize: [in]
     993             :  *     The size of the hash, either 48 or 64.
     994             :  *
     995             :  * Returns:
     996             :  *   sha Error Code.
     997             :  *
     998             :  */
     999         681 : static int SHA384_512ResultN(SHA512Context *context,
    1000             :     uint8_t Message_Digest[ ], int HashSize)
    1001             : {
    1002             :   int i;
    1003             : #ifdef USE_32BIT_ONLY
    1004             :   int i2;
    1005             : #endif /* USE_32BIT_ONLY */
    1006             : 
    1007         681 :   if (!context) return shaNull;
    1008         681 :   if (!Message_Digest) return shaNull;
    1009         681 :   if (context->Corrupted) return context->Corrupted;
    1010             : 
    1011         681 :   if (!context->Computed)
    1012         681 :     SHA384_512Finalize(context, 0x80);
    1013             : 
    1014             : #ifdef USE_32BIT_ONLY
    1015             :   for (i = i2 = 0; i < HashSize; ) {
    1016             :     Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24);
    1017             :     Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16);
    1018             :     Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8);
    1019             :     Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]);
    1020             :     Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>24);
    1021             :     Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>16);
    1022             :     Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2]>>8);
    1023             :     Message_Digest[i++]=(uint8_t)(context->Intermediate_Hash[i2++]);
    1024             :   }
    1025             : #else /* !USE_32BIT_ONLY */
    1026       44249 :   for (i = 0; i < HashSize; ++i)
    1027       43568 :     Message_Digest[i] = (uint8_t)
    1028       43568 :       (context->Intermediate_Hash[i>>3] >> 8 * ( 7 - ( i % 8 ) ));
    1029             : #endif /* USE_32BIT_ONLY */
    1030             : 
    1031             :   return shaSuccess;
    1032             : }

Generated by: LCOV version 1.14