tlx
sha512.cpp
Go to the documentation of this file.
1/*******************************************************************************
2 * tlx/digest/sha512.cpp
3 *
4 * Public domain implementation of SHA-512 (SHA-2) processor. Copied from
5 * https://github.com/kalven/sha-2, which is based on LibTomCrypt.
6 *
7 * Part of tlx - http://panthema.net/tlx
8 *
9 * Copyright (C) 2018 Timo Bingmann <tb@panthema.net>
10 *
11 * All rights reserved. Published under the Boost Software License, Version 1.0
12 ******************************************************************************/
13
14#include <tlx/digest/sha512.hpp>
15
16#include <tlx/math/ror.hpp>
18
19namespace tlx {
20
21/*
22 * LibTomCrypt, modular cryptographic library -- Tom St Denis
23 *
24 * LibTomCrypt is a library that provides various cryptographic algorithms in a
25 * highly modular and flexible manner.
26 *
27 * The library is free for all purposes without any express guarantee it works.
28 */
29
30namespace digest_detail {
31
32static const uint64_t K[80] = {
33 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
34 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
35 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
36 0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
37 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
38 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
39 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
40 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
41 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
42 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
43 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
44 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
45 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
46 0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
47 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
48 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
49 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
50 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
51 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
52 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
53 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
54 0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
55 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
56 0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
57 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
58 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
59 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
60};
61
62static inline uint32_t min(uint32_t x, uint32_t y) {
63 return x < y ? x : y;
64}
65
66static inline void store64(uint64_t x, unsigned char* y) {
67 for (int i = 0; i != 8; ++i)
68 y[i] = (x >> ((7 - i) * 8)) & 255;
69}
70static inline uint64_t load64(const unsigned char* y) {
71 uint64_t res = 0;
72 for (int i = 0; i != 8; ++i)
73 res |= uint64_t(y[i]) << ((7 - i) * 8);
74 return res;
75}
76
77static inline
78uint64_t Ch(const uint64_t& x, const uint64_t& y, const uint64_t& z) {
79 return z ^ (x & (y ^ z));
80}
81static inline
82uint64_t Maj(const uint64_t& x, const uint64_t& y, const uint64_t& z) {
83 return ((x | y) & z) | (x & y);
84}
85static inline uint64_t Sh(uint64_t x, uint64_t n) {
86 return x >> n;
87}
88static inline uint64_t Sigma0(uint64_t x) {
89 return ror64(x, 28) ^ ror64(x, 34) ^ ror64(x, 39);
90}
91static inline uint64_t Sigma1(uint64_t x) {
92 return ror64(x, 14) ^ ror64(x, 18) ^ ror64(x, 41);
93}
94static inline uint64_t Gamma0(uint64_t x) {
95 return ror64(x, 1) ^ ror64(x, 8) ^ Sh(x, 7);
96}
97static inline uint64_t Gamma1(uint64_t x) {
98 return ror64(x, 19) ^ ror64(x, 61) ^ Sh(x, 6);
99}
100
101static void sha512_compress(uint64_t state[8], const uint8_t* buf) {
102 uint64_t S[8], W[80], t0, t1;
103
104 // Copy state_ into S
105 for (int i = 0; i < 8; i++)
106 S[i] = state[i];
107
108 // Copy the state into 1024-bits into W[0..15]
109 for (int i = 0; i < 16; i++)
110 W[i] = load64(buf + (8 * i));
111
112 // Fill W[16..79]
113 for (int i = 16; i < 80; i++)
114 W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16];
115
116 // Compress
117 auto RND =
118 [&](uint64_t a, uint64_t b, uint64_t c, uint64_t& d, uint64_t e,
119 uint64_t f, uint64_t g, uint64_t& h, uint64_t i)
120 {
121 t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i];
122 t1 = Sigma0(a) + Maj(a, b, c);
123 d += t0;
124 h = t0 + t1;
125 };
126
127 for (int i = 0; i < 80; i += 8)
128 {
129 RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i + 0);
130 RND(S[7], S[0], S[1], S[2], S[3], S[4], S[5], S[6], i + 1);
131 RND(S[6], S[7], S[0], S[1], S[2], S[3], S[4], S[5], i + 2);
132 RND(S[5], S[6], S[7], S[0], S[1], S[2], S[3], S[4], i + 3);
133 RND(S[4], S[5], S[6], S[7], S[0], S[1], S[2], S[3], i + 4);
134 RND(S[3], S[4], S[5], S[6], S[7], S[0], S[1], S[2], i + 5);
135 RND(S[2], S[3], S[4], S[5], S[6], S[7], S[0], S[1], i + 6);
136 RND(S[1], S[2], S[3], S[4], S[5], S[6], S[7], S[0], i + 7);
137 }
138
139 // Feedback
140 for (int i = 0; i < 8; i++)
141 state[i] = state[i] + S[i];
142}
143
144} // namespace digest_detail
145
147 curlen_ = 0;
148 length_ = 0;
149 state_[0] = 0x6a09e667f3bcc908ULL;
150 state_[1] = 0xbb67ae8584caa73bULL;
151 state_[2] = 0x3c6ef372fe94f82bULL;
152 state_[3] = 0xa54ff53a5f1d36f1ULL;
153 state_[4] = 0x510e527fade682d1ULL;
154 state_[5] = 0x9b05688c2b3e6c1fULL;
155 state_[6] = 0x1f83d9abfb41bd6bULL;
156 state_[7] = 0x5be0cd19137e2179ULL;
157}
158
159SHA512::SHA512(const void* data, uint32_t size) : SHA512() {
160 process(data, size);
161}
162
163SHA512::SHA512(const std::string& str) : SHA512() {
164 process(str);
165}
166
167void SHA512::process(const void* data, uint32_t size) {
168 const uint32_t block_size = sizeof(SHA512::buf_);
169 auto in = static_cast<const uint8_t*>(data);
170
171 while (size > 0)
172 {
173 if (curlen_ == 0 && size >= block_size)
174 {
176 length_ += block_size * 8;
177 in += block_size;
178 size -= block_size;
179 }
180 else
181 {
182 uint32_t n = digest_detail::min(size, (block_size - curlen_));
183 uint8_t* b = buf_ + curlen_;
184 for (const uint8_t* a = in; a != in + n; ++a, ++b) {
185 *b = *a;
186 }
187 curlen_ += n;
188 in += n;
189 size -= n;
190
191 if (curlen_ == block_size)
192 {
194 length_ += 8 * block_size;
195 curlen_ = 0;
196 }
197 }
198 }
199}
200
201void SHA512::process(const std::string& str) {
202 return process(str.data(), str.size());
203}
204
205void SHA512::finalize(void* digest) {
206 // Increase the length of the message
207 length_ += curlen_ * 8ULL;
208
209 // Append the '1' bit
210 buf_[curlen_++] = static_cast<uint8_t>(0x80);
211
212 // If the length is currently above 112 bytes we append zeros then compress.
213 // Then we can fall back to padding zeros and length encoding like normal.
214 if (curlen_ > 112)
215 {
216 while (curlen_ < 128)
217 buf_[curlen_++] = 0;
219 curlen_ = 0;
220 }
221
222 // Pad up to 120 bytes of zeroes
223 // note: that from 112 to 120 is the 64 MSB of the length. We assume that
224 // you won't hash 2^64 bits of data... :-)
225 while (curlen_ < 120)
226 buf_[curlen_++] = 0;
227
228 // Store length
231
232 // Copy output
233 for (int i = 0; i < 8; i++) {
235 state_[i], static_cast<uint8_t*>(digest) + (8 * i));
236 }
237}
238
239std::string SHA512::digest() {
240 std::string out(kDigestLength, '0');
241 finalize(const_cast<char*>(out.data()));
242 return out;
243}
244
245std::string SHA512::digest_hex() {
246 uint8_t digest[kDigestLength];
249}
250
252 uint8_t digest[kDigestLength];
255}
256
257std::string sha512_hex(const void* data, uint32_t size) {
258 return SHA512(data, size).digest_hex();
259}
260
261std::string sha512_hex(const std::string& str) {
262 return SHA512(str).digest_hex();
263}
264
265std::string sha512_hex_uc(const void* data, uint32_t size) {
266 return SHA512(data, size).digest_hex_uc();
267}
268
269std::string sha512_hex_uc(const std::string& str) {
270 return SHA512(str).digest_hex_uc();
271}
272
273} // namespace tlx
274
275/******************************************************************************/
SHA-512 processor without external dependencies.
Definition: sha512.hpp:29
void finalize(void *digest)
finalize computation and output 64 byte (512 bit) digest
Definition: sha512.cpp:205
uint8_t buf_[128]
Definition: sha512.hpp:60
std::string digest_hex()
finalize computation and return 64 byte (512 bit) digest hex encoded
Definition: sha512.cpp:245
std::string digest()
finalize computation and return 64 byte (512 bit) digest
Definition: sha512.cpp:239
std::string digest_hex_uc()
finalize computation and return 64 byte (512 bit) digest upper-case hex
Definition: sha512.cpp:251
void process(const void *data, uint32_t size)
process more data
Definition: sha512.cpp:167
static constexpr size_t kDigestLength
digest length in bytes
Definition: sha512.hpp:44
uint64_t length_
Definition: sha512.hpp:57
SHA512()
construct empty object.
Definition: sha512.cpp:146
uint32_t curlen_
Definition: sha512.hpp:59
uint64_t state_[8]
Definition: sha512.hpp:58
std::string sha512_hex_uc(const void *data, uint32_t size)
process data and return 64 byte (512 bit) digest upper-case hex encoded
Definition: sha512.cpp:265
std::string sha512_hex(const void *data, uint32_t size)
process data and return 64 byte (512 bit) digest hex encoded
Definition: sha512.cpp:257
static uint64_t ror64(const uint64_t &x, int i)
ror64 - generic
Definition: ror.hpp:89
std::string hexdump_lc(const void *const data, size_t size)
Dump a (binary) string as a sequence of lowercase hexadecimal pairs.
Definition: hexdump.cpp:95
std::string hexdump(const void *const data, size_t size)
Dump a (binary) string as a sequence of uppercase hexadecimal pairs.
Definition: hexdump.cpp:21
static uint64_t Maj(const uint64_t &x, const uint64_t &y, const uint64_t &z)
Definition: sha512.cpp:82
static uint32_t min(uint32_t x, uint32_t y)
Definition: md5.cpp:32
static uint64_t Sigma1(uint64_t x)
Definition: sha512.cpp:91
static uint64_t Ch(const uint64_t &x, const uint64_t &y, const uint64_t &z)
Definition: sha512.cpp:78
static uint64_t Gamma1(uint64_t x)
Definition: sha512.cpp:97
static uint64_t load64(const unsigned char *y)
Definition: sha512.cpp:70
static const uint64_t K[80]
Definition: sha512.cpp:32
static uint64_t Sh(uint64_t x, uint64_t n)
Definition: sha512.cpp:85
static void sha512_compress(uint64_t state[8], const uint8_t *buf)
Definition: sha512.cpp:101
static uint64_t Sigma0(uint64_t x)
Definition: sha512.cpp:88
static void store64(uint64_t x, unsigned char *y)
Definition: sha512.cpp:66
static uint64_t Gamma0(uint64_t x)
Definition: sha512.cpp:94