PostgreSQL Source Code git master
Loading...
Searching...
No Matches
sha2.c
Go to the documentation of this file.
1/*-------------------------------------------------------------------------
2 *
3 * sha2.c
4 * SHA functions for SHA-224, SHA-256, SHA-384 and SHA-512.
5 *
6 * This includes the fallback implementation for SHA2 cryptographic
7 * hashes.
8 *
9 * Portions Copyright (c) 1996-2026, PostgreSQL Global Development Group
10 * Portions Copyright (c) 1994, Regents of the University of California
11 *
12 * IDENTIFICATION
13 * src/common/sha2.c
14 *
15 *-------------------------------------------------------------------------
16 */
17
18/* $OpenBSD: sha2.c,v 1.6 2004/05/03 02:57:36 millert Exp $ */
19/*
20 * FILE: sha2.c
21 * AUTHOR: Aaron D. Gifford <me@aarongifford.com>
22 *
23 * Copyright (c) 2000-2001, Aaron D. Gifford
24 * All rights reserved.
25 *
26 * Redistribution and use in source and binary forms, with or without
27 * modification, are permitted provided that the following conditions
28 * are met:
29 * 1. Redistributions of source code must retain the above copyright
30 * notice, this list of conditions and the following disclaimer.
31 * 2. Redistributions in binary form must reproduce the above copyright
32 * notice, this list of conditions and the following disclaimer in the
33 * documentation and/or other materials provided with the distribution.
34 * 3. Neither the name of the copyright holder nor the names of contributors
35 * may be used to endorse or promote products derived from this software
36 * without specific prior written permission.
37 *
38 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
39 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
40 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
41 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
42 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
43 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
44 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
45 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
46 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
47 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48 * SUCH DAMAGE.
49 *
50 * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
51 */
52
53
54#ifndef FRONTEND
55#include "postgres.h"
56#else
57#include "postgres_fe.h"
58#endif
59
60#include "sha2_int.h"
61
62/*
63 * In backend, use palloc/pfree to ease the error handling. In frontend,
64 * use malloc to be able to return a failure status back to the caller.
65 */
66#ifndef FRONTEND
67#define ALLOC(size) palloc(size)
68#define FREE(ptr) pfree(ptr)
69#else
70#define ALLOC(size) malloc(size)
71#define FREE(ptr) free(ptr)
72#endif
73
74/*
75 * UNROLLED TRANSFORM LOOP NOTE:
76 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
77 * loop version for the hash transform rounds (defined using macros
78 * later in this file). Either define on the command line, for example:
79 *
80 * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
81 *
82 * or define below:
83 *
84 * #define SHA2_UNROLL_TRANSFORM
85 *
86 */
87
88/*** SHA-256/384/512 Various Length Definitions ***********************/
89#define PG_SHA256_SHORT_BLOCK_LENGTH (PG_SHA256_BLOCK_LENGTH - 8)
90#define PG_SHA384_SHORT_BLOCK_LENGTH (PG_SHA384_BLOCK_LENGTH - 16)
91#define PG_SHA512_SHORT_BLOCK_LENGTH (PG_SHA512_BLOCK_LENGTH - 16)
92
93/*** ENDIAN REVERSAL MACROS *******************************************/
94#ifndef WORDS_BIGENDIAN
95#define REVERSE32(w,x) { \
96 uint32 tmp = (w); \
97 tmp = (tmp >> 16) | (tmp << 16); \
98 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
99}
100#define REVERSE64(w,x) { \
101 uint64 tmp = (w); \
102 tmp = (tmp >> 32) | (tmp << 32); \
103 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
104 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
105 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
106 ((tmp & 0x0000ffff0000ffffULL) << 16); \
107}
108#endif /* not bigendian */
109
110/*
111 * Macro for incrementally adding the unsigned 64-bit integer n to the
112 * unsigned 128-bit integer (represented using a two-element array of
113 * 64-bit words):
114 */
115#define ADDINC128(w,n) { \
116 (w)[0] += (uint64)(n); \
117 if ((w)[0] < (n)) { \
118 (w)[1]++; \
119 } \
120}
121
122/*** THE SIX LOGICAL FUNCTIONS ****************************************/
123/*
124 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
125 *
126 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
127 * S is a ROTATION) because the SHA-256/384/512 description document
128 * (see http://www.iwar.org.uk/comsec/resources/cipher/sha256-384-512.pdf)
129 * uses this same "backwards" definition.
130 */
131/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
132#define R(b,x) ((x) >> (b))
133/* 32-bit Rotate-right (used in SHA-256): */
134#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
135/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
136#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
137
138/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
139#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
140#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
141
142/* Four of six logical functions used in SHA-256: */
143#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
144#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
145#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
146#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
147
148/* Four of six logical functions used in SHA-384 and SHA-512: */
149#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
150#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
151#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
152#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
153
154/*** INTERNAL FUNCTION PROTOTYPES *************************************/
155/*
156 * NOTE: These should not be accessed directly from outside this
157 * library -- they are intended for private internal visibility/use
158 * only.
159 */
160static void SHA512_Last(pg_sha512_ctx *context);
161static void SHA256_Transform(pg_sha256_ctx *context, const uint8 *data);
162static void SHA512_Transform(pg_sha512_ctx *context, const uint8 *data);
163
164/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
165/* Hash constant words K for SHA-256: */
166static const uint32 K256[64] = {
167 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
168 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
169 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
170 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
171 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
172 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
173 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
174 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
175 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
176 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
177 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
178 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
179 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
180 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
181 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
182 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
183};
184
185/* Initial hash value H for SHA-224: */
186static const uint32 sha224_initial_hash_value[8] = {
187 0xc1059ed8UL,
188 0x367cd507UL,
189 0x3070dd17UL,
190 0xf70e5939UL,
191 0xffc00b31UL,
192 0x68581511UL,
193 0x64f98fa7UL,
194 0xbefa4fa4UL
195};
196
197/* Initial hash value H for SHA-256: */
198static const uint32 sha256_initial_hash_value[8] = {
199 0x6a09e667UL,
200 0xbb67ae85UL,
201 0x3c6ef372UL,
202 0xa54ff53aUL,
203 0x510e527fUL,
204 0x9b05688cUL,
205 0x1f83d9abUL,
206 0x5be0cd19UL
207};
208
209/* Hash constant words K for SHA-384 and SHA-512: */
210static const uint64 K512[80] = {
211 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
212 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
213 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
214 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
215 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
216 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
217 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
218 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
219 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
220 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
221 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
222 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
223 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
224 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
225 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
226 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
227 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
228 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
229 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
230 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
231 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
232 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
233 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
234 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
235 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
236 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
237 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
238 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
239 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
240 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
241 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
242 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
243 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
244 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
245 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
246 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
247 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
248 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
249 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
250 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
251};
252
253/* Initial hash value H for SHA-384 */
254static const uint64 sha384_initial_hash_value[8] = {
255 0xcbbb9d5dc1059ed8ULL,
256 0x629a292a367cd507ULL,
257 0x9159015a3070dd17ULL,
258 0x152fecd8f70e5939ULL,
259 0x67332667ffc00b31ULL,
260 0x8eb44a8768581511ULL,
261 0xdb0c2e0d64f98fa7ULL,
262 0x47b5481dbefa4fa4ULL
263};
264
265/* Initial hash value H for SHA-512 */
266static const uint64 sha512_initial_hash_value[8] = {
267 0x6a09e667f3bcc908ULL,
268 0xbb67ae8584caa73bULL,
269 0x3c6ef372fe94f82bULL,
270 0xa54ff53a5f1d36f1ULL,
271 0x510e527fade682d1ULL,
272 0x9b05688c2b3e6c1fULL,
273 0x1f83d9abfb41bd6bULL,
274 0x5be0cd19137e2179ULL
275};
276
277
278/*** SHA-256: *********************************************************/
279void
280pg_sha256_init(pg_sha256_ctx *context)
281{
282 if (context == NULL)
283 return;
284 memcpy(context->state, sha256_initial_hash_value, PG_SHA256_DIGEST_LENGTH);
285 memset(context->buffer, 0, PG_SHA256_BLOCK_LENGTH);
286 context->bitcount = 0;
287}
288
289#ifdef SHA2_UNROLL_TRANSFORM
290
291/* Unrolled SHA-256 round macros: */
292
293#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) do { \
294 W256[j] = (uint32)data[3] | ((uint32)data[2] << 8) | \
295 ((uint32)data[1] << 16) | ((uint32)data[0] << 24); \
296 data += 4; \
297 T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + W256[j]; \
298 (d) += T1; \
299 (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \
300 j++; \
301} while(0)
302
303#define ROUND256(a,b,c,d,e,f,g,h) do { \
304 s0 = W256[(j+1)&0x0f]; \
305 s0 = sigma0_256(s0); \
306 s1 = W256[(j+14)&0x0f]; \
307 s1 = sigma1_256(s1); \
308 T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + \
309 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
310 (d) += T1; \
311 (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \
312 j++; \
313} while(0)
314
315static void
316SHA256_Transform(pg_sha256_ctx *context, const uint8 *data)
317{
318 uint32 a,
319 b,
320 c,
321 d,
322 e,
323 f,
324 g,
325 h,
326 s0,
327 s1;
328 uint32 T1,
329 *W256;
330 int j;
331
332 W256 = (uint32 *) context->buffer;
333
334 /* Initialize registers with the prev. intermediate value */
335 a = context->state[0];
336 b = context->state[1];
337 c = context->state[2];
338 d = context->state[3];
339 e = context->state[4];
340 f = context->state[5];
341 g = context->state[6];
342 h = context->state[7];
343
344 j = 0;
345 do
346 {
347 /* Rounds 0 to 15 (unrolled): */
348 ROUND256_0_TO_15(a, b, c, d, e, f, g, h);
349 ROUND256_0_TO_15(h, a, b, c, d, e, f, g);
350 ROUND256_0_TO_15(g, h, a, b, c, d, e, f);
351 ROUND256_0_TO_15(f, g, h, a, b, c, d, e);
352 ROUND256_0_TO_15(e, f, g, h, a, b, c, d);
353 ROUND256_0_TO_15(d, e, f, g, h, a, b, c);
354 ROUND256_0_TO_15(c, d, e, f, g, h, a, b);
355 ROUND256_0_TO_15(b, c, d, e, f, g, h, a);
356 } while (j < 16);
357
358 /* Now for the remaining rounds to 64: */
359 do
360 {
361 ROUND256(a, b, c, d, e, f, g, h);
362 ROUND256(h, a, b, c, d, e, f, g);
363 ROUND256(g, h, a, b, c, d, e, f);
364 ROUND256(f, g, h, a, b, c, d, e);
365 ROUND256(e, f, g, h, a, b, c, d);
366 ROUND256(d, e, f, g, h, a, b, c);
367 ROUND256(c, d, e, f, g, h, a, b);
368 ROUND256(b, c, d, e, f, g, h, a);
369 } while (j < 64);
370
371 /* Compute the current intermediate hash value */
372 context->state[0] += a;
373 context->state[1] += b;
374 context->state[2] += c;
375 context->state[3] += d;
376 context->state[4] += e;
377 context->state[5] += f;
378 context->state[6] += g;
379 context->state[7] += h;
380
381 /* Clean up */
382 a = b = c = d = e = f = g = h = T1 = 0;
383}
384#else /* SHA2_UNROLL_TRANSFORM */
385
386static void
387SHA256_Transform(pg_sha256_ctx *context, const uint8 *data)
388{
389 uint32 a,
390 b,
391 c,
392 d,
393 e,
394 f,
395 g,
396 h,
397 s0,
398 s1;
399 uint32 T1,
400 T2,
401 *W256;
402 int j;
403
404 W256 = (uint32 *) context->buffer;
405
406 /* Initialize registers with the prev. intermediate value */
407 a = context->state[0];
408 b = context->state[1];
409 c = context->state[2];
410 d = context->state[3];
411 e = context->state[4];
412 f = context->state[5];
413 g = context->state[6];
414 h = context->state[7];
415
416 j = 0;
417 do
418 {
419 W256[j] = (uint32) data[3] | ((uint32) data[2] << 8) |
420 ((uint32) data[1] << 16) | ((uint32) data[0] << 24);
421 data += 4;
422 /* Apply the SHA-256 compression function to update a..h */
423 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
424 T2 = Sigma0_256(a) + Maj(a, b, c);
425 h = g;
426 g = f;
427 f = e;
428 e = d + T1;
429 d = c;
430 c = b;
431 b = a;
432 a = T1 + T2;
433
434 j++;
435 } while (j < 16);
436
437 do
438 {
439 /* Part of the message block expansion: */
440 s0 = W256[(j + 1) & 0x0f];
441 s0 = sigma0_256(s0);
442 s1 = W256[(j + 14) & 0x0f];
443 s1 = sigma1_256(s1);
444
445 /* Apply the SHA-256 compression function to update a..h */
446 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
447 (W256[j & 0x0f] += s1 + W256[(j + 9) & 0x0f] + s0);
448 T2 = Sigma0_256(a) + Maj(a, b, c);
449 h = g;
450 g = f;
451 f = e;
452 e = d + T1;
453 d = c;
454 c = b;
455 b = a;
456 a = T1 + T2;
457
458 j++;
459 } while (j < 64);
460
461 /* Compute the current intermediate hash value */
462 context->state[0] += a;
463 context->state[1] += b;
464 context->state[2] += c;
465 context->state[3] += d;
466 context->state[4] += e;
467 context->state[5] += f;
468 context->state[6] += g;
469 context->state[7] += h;
470
471 /* Clean up */
472 a = b = c = d = e = f = g = h = T1 = T2 = 0;
473}
474#endif /* SHA2_UNROLL_TRANSFORM */
475
476void
477pg_sha256_update(pg_sha256_ctx *context, const uint8 *data, size_t len)
478{
479 size_t freespace,
480 usedspace;
481
482 /* Calling with no data is valid (we do nothing) */
483 if (len == 0)
484 return;
485
486 usedspace = (context->bitcount >> 3) % PG_SHA256_BLOCK_LENGTH;
487 if (usedspace > 0)
488 {
489 /* Calculate how much free space is available in the buffer */
490 freespace = PG_SHA256_BLOCK_LENGTH - usedspace;
491
492 if (len >= freespace)
493 {
494 /* Fill the buffer completely and process it */
495 memcpy(&context->buffer[usedspace], data, freespace);
496 context->bitcount += freespace << 3;
497 len -= freespace;
498 data += freespace;
499 SHA256_Transform(context, context->buffer);
500 }
501 else
502 {
503 /* The buffer is not yet full */
504 memcpy(&context->buffer[usedspace], data, len);
505 context->bitcount += len << 3;
506 /* Clean up: */
507 usedspace = freespace = 0;
508 return;
509 }
510 }
511 while (len >= PG_SHA256_BLOCK_LENGTH)
512 {
513 /* Process as many complete blocks as we can */
514 SHA256_Transform(context, data);
515 context->bitcount += PG_SHA256_BLOCK_LENGTH << 3;
516 len -= PG_SHA256_BLOCK_LENGTH;
517 data += PG_SHA256_BLOCK_LENGTH;
518 }
519 if (len > 0)
520 {
521 /* There's left-overs, so save 'em */
522 memcpy(context->buffer, data, len);
523 context->bitcount += len << 3;
524 }
525 /* Clean up: */
526 usedspace = freespace = 0;
527}
528
529static void
530SHA256_Last(pg_sha256_ctx *context)
531{
532 unsigned int usedspace;
533
534 usedspace = (context->bitcount >> 3) % PG_SHA256_BLOCK_LENGTH;
535#ifndef WORDS_BIGENDIAN
536 /* Convert FROM host byte order */
537 REVERSE64(context->bitcount, context->bitcount);
538#endif
539 if (usedspace > 0)
540 {
541 /* Begin padding with a 1 bit: */
542 context->buffer[usedspace++] = 0x80;
543
544 if (usedspace <= PG_SHA256_SHORT_BLOCK_LENGTH)
545 {
546 /* Set-up for the last transform: */
547 memset(&context->buffer[usedspace], 0, PG_SHA256_SHORT_BLOCK_LENGTH - usedspace);
548 }
549 else
550 {
551 if (usedspace < PG_SHA256_BLOCK_LENGTH)
552 {
553 memset(&context->buffer[usedspace], 0, PG_SHA256_BLOCK_LENGTH - usedspace);
554 }
555 /* Do second-to-last transform: */
556 SHA256_Transform(context, context->buffer);
557
558 /* And set-up for the last transform: */
559 memset(context->buffer, 0, PG_SHA256_SHORT_BLOCK_LENGTH);
560 }
561 }
562 else
563 {
564 /* Set-up for the last transform: */
565 memset(context->buffer, 0, PG_SHA256_SHORT_BLOCK_LENGTH);
566
567 /* Begin padding with a 1 bit: */
568 *context->buffer = 0x80;
569 }
570 /* Set the bit count: */
571 *(uint64 *) &context->buffer[PG_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
572
573 /* Final transform: */
574 SHA256_Transform(context, context->buffer);
575}
576
577void
578pg_sha256_final(pg_sha256_ctx *context, uint8 *digest)
579{
580 /* If no digest buffer is passed, we don't bother doing this: */
581 if (digest != NULL)
582 {
583 SHA256_Last(context);
584
585#ifndef WORDS_BIGENDIAN
586 {
587 /* Convert TO host byte order */
588 int j;
589
590 for (j = 0; j < 8; j++)
591 {
592 REVERSE32(context->state[j], context->state[j]);
593 }
594 }
595#endif
596 memcpy(digest, context->state, PG_SHA256_DIGEST_LENGTH);
597 }
598
599 /* Clean up state data: */
600 memset(context, 0, sizeof(pg_sha256_ctx));
601}
602
603
604/*** SHA-512: *********************************************************/
605void
606pg_sha512_init(pg_sha512_ctx *context)
607{
608 if (context == NULL)
609 return;
610 memcpy(context->state, sha512_initial_hash_value, PG_SHA512_DIGEST_LENGTH);
611 memset(context->buffer, 0, PG_SHA512_BLOCK_LENGTH);
612 context->bitcount[0] = context->bitcount[1] = 0;
613}
614
615#ifdef SHA2_UNROLL_TRANSFORM
616
617/* Unrolled SHA-512 round macros: */
618
619#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) do { \
620 W512[j] = (uint64)data[7] | ((uint64)data[6] << 8) | \
621 ((uint64)data[5] << 16) | ((uint64)data[4] << 24) | \
622 ((uint64)data[3] << 32) | ((uint64)data[2] << 40) | \
623 ((uint64)data[1] << 48) | ((uint64)data[0] << 56); \
624 data += 8; \
625 T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + W512[j]; \
626 (d) += T1; \
627 (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \
628 j++; \
629} while(0)
630
631
632#define ROUND512(a,b,c,d,e,f,g,h) do { \
633 s0 = W512[(j+1)&0x0f]; \
634 s0 = sigma0_512(s0); \
635 s1 = W512[(j+14)&0x0f]; \
636 s1 = sigma1_512(s1); \
637 T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + \
638 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
639 (d) += T1; \
640 (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \
641 j++; \
642} while(0)
643
644static void
645SHA512_Transform(pg_sha512_ctx *context, const uint8 *data)
646{
647 uint64 a,
648 b,
649 c,
650 d,
651 e,
652 f,
653 g,
654 h,
655 s0,
656 s1;
657 uint64 T1,
658 *W512 = (uint64 *) context->buffer;
659 int j;
660
661 /* Initialize registers with the prev. intermediate value */
662 a = context->state[0];
663 b = context->state[1];
664 c = context->state[2];
665 d = context->state[3];
666 e = context->state[4];
667 f = context->state[5];
668 g = context->state[6];
669 h = context->state[7];
670
671 j = 0;
672 do
673 {
674 ROUND512_0_TO_15(a, b, c, d, e, f, g, h);
675 ROUND512_0_TO_15(h, a, b, c, d, e, f, g);
676 ROUND512_0_TO_15(g, h, a, b, c, d, e, f);
677 ROUND512_0_TO_15(f, g, h, a, b, c, d, e);
678 ROUND512_0_TO_15(e, f, g, h, a, b, c, d);
679 ROUND512_0_TO_15(d, e, f, g, h, a, b, c);
680 ROUND512_0_TO_15(c, d, e, f, g, h, a, b);
681 ROUND512_0_TO_15(b, c, d, e, f, g, h, a);
682 } while (j < 16);
683
684 /* Now for the remaining rounds up to 79: */
685 do
686 {
687 ROUND512(a, b, c, d, e, f, g, h);
688 ROUND512(h, a, b, c, d, e, f, g);
689 ROUND512(g, h, a, b, c, d, e, f);
690 ROUND512(f, g, h, a, b, c, d, e);
691 ROUND512(e, f, g, h, a, b, c, d);
692 ROUND512(d, e, f, g, h, a, b, c);
693 ROUND512(c, d, e, f, g, h, a, b);
694 ROUND512(b, c, d, e, f, g, h, a);
695 } while (j < 80);
696
697 /* Compute the current intermediate hash value */
698 context->state[0] += a;
699 context->state[1] += b;
700 context->state[2] += c;
701 context->state[3] += d;
702 context->state[4] += e;
703 context->state[5] += f;
704 context->state[6] += g;
705 context->state[7] += h;
706
707 /* Clean up */
708 a = b = c = d = e = f = g = h = T1 = 0;
709}
710#else /* SHA2_UNROLL_TRANSFORM */
711
712static void
713SHA512_Transform(pg_sha512_ctx *context, const uint8 *data)
714{
715 uint64 a,
716 b,
717 c,
718 d,
719 e,
720 f,
721 g,
722 h,
723 s0,
724 s1;
725 uint64 T1,
726 T2,
727 *W512 = (uint64 *) context->buffer;
728 int j;
729
730 /* Initialize registers with the prev. intermediate value */
731 a = context->state[0];
732 b = context->state[1];
733 c = context->state[2];
734 d = context->state[3];
735 e = context->state[4];
736 f = context->state[5];
737 g = context->state[6];
738 h = context->state[7];
739
740 j = 0;
741 do
742 {
743 W512[j] = (uint64) data[7] | ((uint64) data[6] << 8) |
744 ((uint64) data[5] << 16) | ((uint64) data[4] << 24) |
745 ((uint64) data[3] << 32) | ((uint64) data[2] << 40) |
746 ((uint64) data[1] << 48) | ((uint64) data[0] << 56);
747 data += 8;
748 /* Apply the SHA-512 compression function to update a..h */
749 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
750 T2 = Sigma0_512(a) + Maj(a, b, c);
751 h = g;
752 g = f;
753 f = e;
754 e = d + T1;
755 d = c;
756 c = b;
757 b = a;
758 a = T1 + T2;
759
760 j++;
761 } while (j < 16);
762
763 do
764 {
765 /* Part of the message block expansion: */
766 s0 = W512[(j + 1) & 0x0f];
767 s0 = sigma0_512(s0);
768 s1 = W512[(j + 14) & 0x0f];
769 s1 = sigma1_512(s1);
770
771 /* Apply the SHA-512 compression function to update a..h */
772 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
773 (W512[j & 0x0f] += s1 + W512[(j + 9) & 0x0f] + s0);
774 T2 = Sigma0_512(a) + Maj(a, b, c);
775 h = g;
776 g = f;
777 f = e;
778 e = d + T1;
779 d = c;
780 c = b;
781 b = a;
782 a = T1 + T2;
783
784 j++;
785 } while (j < 80);
786
787 /* Compute the current intermediate hash value */
788 context->state[0] += a;
789 context->state[1] += b;
790 context->state[2] += c;
791 context->state[3] += d;
792 context->state[4] += e;
793 context->state[5] += f;
794 context->state[6] += g;
795 context->state[7] += h;
796
797 /* Clean up */
798 a = b = c = d = e = f = g = h = T1 = T2 = 0;
799}
800#endif /* SHA2_UNROLL_TRANSFORM */
801
802void
803pg_sha512_update(pg_sha512_ctx *context, const uint8 *data, size_t len)
804{
805 size_t freespace,
806 usedspace;
807
808 /* Calling with no data is valid (we do nothing) */
809 if (len == 0)
810 return;
811
812 usedspace = (context->bitcount[0] >> 3) % PG_SHA512_BLOCK_LENGTH;
813 if (usedspace > 0)
814 {
815 /* Calculate how much free space is available in the buffer */
816 freespace = PG_SHA512_BLOCK_LENGTH - usedspace;
817
818 if (len >= freespace)
819 {
820 /* Fill the buffer completely and process it */
821 memcpy(&context->buffer[usedspace], data, freespace);
822 ADDINC128(context->bitcount, freespace << 3);
823 len -= freespace;
824 data += freespace;
825 SHA512_Transform(context, context->buffer);
826 }
827 else
828 {
829 /* The buffer is not yet full */
830 memcpy(&context->buffer[usedspace], data, len);
831 ADDINC128(context->bitcount, len << 3);
832 /* Clean up: */
833 usedspace = freespace = 0;
834 return;
835 }
836 }
837 while (len >= PG_SHA512_BLOCK_LENGTH)
838 {
839 /* Process as many complete blocks as we can */
840 SHA512_Transform(context, data);
841 ADDINC128(context->bitcount, PG_SHA512_BLOCK_LENGTH << 3);
842 len -= PG_SHA512_BLOCK_LENGTH;
843 data += PG_SHA512_BLOCK_LENGTH;
844 }
845 if (len > 0)
846 {
847 /* There's left-overs, so save 'em */
848 memcpy(context->buffer, data, len);
849 ADDINC128(context->bitcount, len << 3);
850 }
851 /* Clean up: */
852 usedspace = freespace = 0;
853}
854
855static void
856SHA512_Last(pg_sha512_ctx *context)
857{
858 unsigned int usedspace;
859
860 usedspace = (context->bitcount[0] >> 3) % PG_SHA512_BLOCK_LENGTH;
861#ifndef WORDS_BIGENDIAN
862 /* Convert FROM host byte order */
863 REVERSE64(context->bitcount[0], context->bitcount[0]);
864 REVERSE64(context->bitcount[1], context->bitcount[1]);
865#endif
866 if (usedspace > 0)
867 {
868 /* Begin padding with a 1 bit: */
869 context->buffer[usedspace++] = 0x80;
870
871 if (usedspace <= PG_SHA512_SHORT_BLOCK_LENGTH)
872 {
873 /* Set-up for the last transform: */
874 memset(&context->buffer[usedspace], 0, PG_SHA512_SHORT_BLOCK_LENGTH - usedspace);
875 }
876 else
877 {
878 if (usedspace < PG_SHA512_BLOCK_LENGTH)
879 {
880 memset(&context->buffer[usedspace], 0, PG_SHA512_BLOCK_LENGTH - usedspace);
881 }
882 /* Do second-to-last transform: */
883 SHA512_Transform(context, context->buffer);
884
885 /* And set-up for the last transform: */
886 memset(context->buffer, 0, PG_SHA512_BLOCK_LENGTH - 2);
887 }
888 }
889 else
890 {
891 /* Prepare for final transform: */
892 memset(context->buffer, 0, PG_SHA512_SHORT_BLOCK_LENGTH);
893
894 /* Begin padding with a 1 bit: */
895 *context->buffer = 0x80;
896 }
897 /* Store the length of input data (in bits): */
898 *(uint64 *) &context->buffer[PG_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
899 *(uint64 *) &context->buffer[PG_SHA512_SHORT_BLOCK_LENGTH + 8] = context->bitcount[0];
900
901 /* Final transform: */
902 SHA512_Transform(context, context->buffer);
903}
904
905void
906pg_sha512_final(pg_sha512_ctx *context, uint8 *digest)
907{
908 /* If no digest buffer is passed, we don't bother doing this: */
909 if (digest != NULL)
910 {
911 SHA512_Last(context);
912
913 /* Save the hash data for output: */
914#ifndef WORDS_BIGENDIAN
915 {
916 /* Convert TO host byte order */
917 int j;
918
919 for (j = 0; j < 8; j++)
920 {
921 REVERSE64(context->state[j], context->state[j]);
922 }
923 }
924#endif
925 memcpy(digest, context->state, PG_SHA512_DIGEST_LENGTH);
926 }
927
928 /* Zero out state data */
929 memset(context, 0, sizeof(pg_sha512_ctx));
930}
931
932
933/*** SHA-384: *********************************************************/
934void
935pg_sha384_init(pg_sha384_ctx *context)
936{
937 if (context == NULL)
938 return;
939 memcpy(context->state, sha384_initial_hash_value, PG_SHA512_DIGEST_LENGTH);
940 memset(context->buffer, 0, PG_SHA384_BLOCK_LENGTH);
941 context->bitcount[0] = context->bitcount[1] = 0;
942}
943
944void
945pg_sha384_update(pg_sha384_ctx *context, const uint8 *data, size_t len)
946{
947 pg_sha512_update((pg_sha512_ctx *) context, data, len);
948}
949
950void
951pg_sha384_final(pg_sha384_ctx *context, uint8 *digest)
952{
953 /* If no digest buffer is passed, we don't bother doing this: */
954 if (digest != NULL)
955 {
956 SHA512_Last((pg_sha512_ctx *) context);
957
958 /* Save the hash data for output: */
959#ifndef WORDS_BIGENDIAN
960 {
961 /* Convert TO host byte order */
962 int j;
963
964 for (j = 0; j < 6; j++)
965 {
966 REVERSE64(context->state[j], context->state[j]);
967 }
968 }
969#endif
970 memcpy(digest, context->state, PG_SHA384_DIGEST_LENGTH);
971 }
972
973 /* Zero out state data */
974 memset(context, 0, sizeof(pg_sha384_ctx));
975}
976
977/*** SHA-224: *********************************************************/
978void
979pg_sha224_init(pg_sha224_ctx *context)
980{
981 if (context == NULL)
982 return;
983 memcpy(context->state, sha224_initial_hash_value, PG_SHA256_DIGEST_LENGTH);
984 memset(context->buffer, 0, PG_SHA256_BLOCK_LENGTH);
985 context->bitcount = 0;
986}
987
988void
989pg_sha224_update(pg_sha224_ctx *context, const uint8 *data, size_t len)
990{
991 pg_sha256_update((pg_sha256_ctx *) context, data, len);
992}
993
994void
995pg_sha224_final(pg_sha224_ctx *context, uint8 *digest)
996{
997 /* If no digest buffer is passed, we don't bother doing this: */
998 if (digest != NULL)
999 {
1000 SHA256_Last(context);
1001
1002#ifndef WORDS_BIGENDIAN
1003 {
1004 /* Convert TO host byte order */
1005 int j;
1006
1007 for (j = 0; j < 8; j++)
1008 {
1009 REVERSE32(context->state[j], context->state[j]);
1010 }
1011 }
1012#endif
1013 memcpy(digest, context->state, PG_SHA224_DIGEST_LENGTH);
1014 }
1015
1016 /* Clean up state data: */
1017 memset(context, 0, sizeof(pg_sha224_ctx));
1018}
uint8
uint8_t uint8
Definition c.h:622
uint64
uint64_t uint64
Definition c.h:625
uint32
uint32_t uint32
Definition c.h:624
memcpy
memcpy(sums, checksumBaseOffsets, sizeof(checksumBaseOffsets))
b
int b
Definition isn.c:74
a
int a
Definition isn.c:73
j
int j
Definition isn.c:78
len
const void size_t len
Definition pg_crc32c_sse42.c:31
data
const void * data
Definition pg_crc32c_sse42.c:30
postgres_fe.h
c
char * c
Definition preproc-cursor.c:31
e
e
Definition preproc-init.c:82
fb
static int fb(int x)
Definition preproc-init.c:92
s1
char * s1
Definition preproc-strings.c:46
pg_sha512_final
void pg_sha512_final(pg_sha512_ctx *context, uint8 *digest)
Definition sha2.c:906
Sigma0_512
#define Sigma0_512(x)
Definition sha2.c:149
sha224_initial_hash_value
static const uint32 sha224_initial_hash_value[8]
Definition sha2.c:186
sha256_initial_hash_value
static const uint32 sha256_initial_hash_value[8]
Definition sha2.c:198
sha384_initial_hash_value
static const uint64 sha384_initial_hash_value[8]
Definition sha2.c:254
pg_sha384_init
void pg_sha384_init(pg_sha384_ctx *context)
Definition sha2.c:935
Sigma0_256
#define Sigma0_256(x)
Definition sha2.c:143
PG_SHA512_SHORT_BLOCK_LENGTH
#define PG_SHA512_SHORT_BLOCK_LENGTH
Definition sha2.c:91
pg_sha256_init
void pg_sha256_init(pg_sha256_ctx *context)
Definition sha2.c:280
K512
static const uint64 K512[80]
Definition sha2.c:210
K256
static const uint32 K256[64]
Definition sha2.c:166
ADDINC128
#define ADDINC128(w, n)
Definition sha2.c:115
Maj
#define Maj(x, y, z)
Definition sha2.c:140
sigma0_512
#define sigma0_512(x)
Definition sha2.c:151
pg_sha512_update
void pg_sha512_update(pg_sha512_ctx *context, const uint8 *data, size_t len)
Definition sha2.c:803
pg_sha224_update
void pg_sha224_update(pg_sha224_ctx *context, const uint8 *data, size_t len)
Definition sha2.c:989
REVERSE64
#define REVERSE64(w, x)
Definition sha2.c:100
pg_sha512_init
void pg_sha512_init(pg_sha512_ctx *context)
Definition sha2.c:606
Sigma1_512
#define Sigma1_512(x)
Definition sha2.c:150
sigma1_256
#define sigma1_256(x)
Definition sha2.c:146
REVERSE32
#define REVERSE32(w, x)
Definition sha2.c:95
SHA512_Last
static void SHA512_Last(pg_sha512_ctx *context)
Definition sha2.c:856
pg_sha224_init
void pg_sha224_init(pg_sha224_ctx *context)
Definition sha2.c:979
pg_sha256_final
void pg_sha256_final(pg_sha256_ctx *context, uint8 *digest)
Definition sha2.c:578
SHA256_Last
static void SHA256_Last(pg_sha256_ctx *context)
Definition sha2.c:530
pg_sha224_final
void pg_sha224_final(pg_sha224_ctx *context, uint8 *digest)
Definition sha2.c:995
Sigma1_256
#define Sigma1_256(x)
Definition sha2.c:144
pg_sha384_final
void pg_sha384_final(pg_sha384_ctx *context, uint8 *digest)
Definition sha2.c:951
Ch
#define Ch(x, y, z)
Definition sha2.c:139
pg_sha384_update
void pg_sha384_update(pg_sha384_ctx *context, const uint8 *data, size_t len)
Definition sha2.c:945
sigma1_512
#define sigma1_512(x)
Definition sha2.c:152
sha512_initial_hash_value
static const uint64 sha512_initial_hash_value[8]
Definition sha2.c:266
pg_sha256_update
void pg_sha256_update(pg_sha256_ctx *context, const uint8 *data, size_t len)
Definition sha2.c:477
SHA512_Transform
static void SHA512_Transform(pg_sha512_ctx *context, const uint8 *data)
Definition sha2.c:713
SHA256_Transform
static void SHA256_Transform(pg_sha256_ctx *context, const uint8 *data)
Definition sha2.c:387
PG_SHA256_SHORT_BLOCK_LENGTH
#define PG_SHA256_SHORT_BLOCK_LENGTH
Definition sha2.c:89
sigma0_256
#define sigma0_256(x)
Definition sha2.c:145
PG_SHA256_DIGEST_LENGTH
#define PG_SHA256_DIGEST_LENGTH
Definition sha2.h:23
PG_SHA384_BLOCK_LENGTH
#define PG_SHA384_BLOCK_LENGTH
Definition sha2.h:25
PG_SHA384_DIGEST_LENGTH
#define PG_SHA384_DIGEST_LENGTH
Definition sha2.h:26
PG_SHA512_DIGEST_LENGTH
#define PG_SHA512_DIGEST_LENGTH
Definition sha2.h:29
PG_SHA256_BLOCK_LENGTH
#define PG_SHA256_BLOCK_LENGTH
Definition sha2.h:22
PG_SHA512_BLOCK_LENGTH
#define PG_SHA512_BLOCK_LENGTH
Definition sha2.h:28
PG_SHA224_DIGEST_LENGTH
#define PG_SHA224_DIGEST_LENGTH
Definition sha2.h:20
sha2_int.h
pg_sha256_ctx
Definition sha2_int.h:56
pg_sha256_ctx::buffer
uint8 buffer[PG_SHA256_BLOCK_LENGTH]
Definition sha2_int.h:59
pg_sha256_ctx::state
uint32 state[8]
Definition sha2_int.h:57
pg_sha256_ctx::bitcount
uint64 bitcount
Definition sha2_int.h:58
pg_sha512_ctx
Definition sha2_int.h:62
pg_sha512_ctx::state
uint64 state[8]
Definition sha2_int.h:63
pg_sha512_ctx::buffer
uint8 buffer[PG_SHA512_BLOCK_LENGTH]
Definition sha2_int.h:65
pg_sha512_ctx::bitcount
uint64 bitcount[2]
Definition sha2_int.h:64