1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) 1997-2018 The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Steffan Esser <sesser@php.net> |
16 | Sara Golemon <pollita@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 /* $Id$ */
21
22 #include "php_hash.h"
23 #include "php_hash_sha.h"
24
25 static const unsigned char PADDING[128] =
26 {
27 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
28 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
29 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
30 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
31 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
32 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
33 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
34 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
35 };
36
37 /* {{{ SHAEncode32
38 Encodes input (uint32_t) into output (unsigned char). Assumes len is
39 a multiple of 4.
40 */
SHAEncode32(unsigned char * output,uint32_t * input,unsigned int len)41 static void SHAEncode32(unsigned char *output, uint32_t *input, unsigned int len)
42 {
43 unsigned int i, j;
44
45 for (i = 0, j = 0; j < len; i++, j += 4) {
46 output[j] = (unsigned char) ((input[i] >> 24) & 0xff);
47 output[j + 1] = (unsigned char) ((input[i] >> 16) & 0xff);
48 output[j + 2] = (unsigned char) ((input[i] >> 8) & 0xff);
49 output[j + 3] = (unsigned char) (input[i] & 0xff);
50 }
51 }
52 /* }}} */
53
54
55 /* {{{ SHADecode32
56 Decodes input (unsigned char) into output (uint32_t). Assumes len is
57 a multiple of 4.
58 */
SHADecode32(uint32_t * output,const unsigned char * input,unsigned int len)59 static void SHADecode32(uint32_t *output, const unsigned char *input, unsigned int len)
60 {
61 unsigned int i, j;
62
63 for (i = 0, j = 0; j < len; i++, j += 4)
64 output[i] = ((uint32_t) input[j + 3]) | (((uint32_t) input[j + 2]) << 8) |
65 (((uint32_t) input[j + 1]) << 16) | (((uint32_t) input[j]) << 24);
66 }
67 /* }}} */
68
69 const php_hash_ops php_hash_sha1_ops = {
70 (php_hash_init_func_t) PHP_SHA1Init,
71 (php_hash_update_func_t) PHP_SHA1Update,
72 (php_hash_final_func_t) PHP_SHA1Final,
73 (php_hash_copy_func_t) php_hash_copy,
74 20,
75 64,
76 sizeof(PHP_SHA1_CTX),
77 1
78 };
79
80 #ifdef PHP_HASH_SHA1_NOT_IN_CORE
81
make_sha1_digest(char * sha1str,unsigned char * digest)82 PHP_HASH_API void make_sha1_digest(char *sha1str, unsigned char *digest)
83 {
84 php_hash_bin2hex(sha1str, digest, 20);
85 sha1str[40] = '\0';
86 }
87
88 /* {{{ proto string sha1(string str [, bool raw_output])
89 Calculate the sha1 hash of a string */
PHP_FUNCTION(sha1)90 PHP_FUNCTION(sha1)
91 {
92 char *arg;
93 size_t arg_len;
94 zend_bool raw_output = 0;
95 char sha1str[41];
96 PHP_SHA1_CTX context;
97 unsigned char digest[20];
98
99 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|b", &arg, &arg_len, &raw_output) == FAILURE) {
100 return;
101 }
102
103 sha1str[0] = '\0';
104 PHP_SHA1Init(&context);
105 PHP_SHA1Update(&context, arg, arg_len);
106 PHP_SHA1Final(digest, &context);
107 if (raw_output) {
108 RETURN_STRINGL(digest, 20);
109 } else {
110 make_sha1_digest(sha1str, digest);
111 RETVAL_STRING(sha1str);
112 }
113
114 }
115
116 /* }}} */
117
118 /* {{{ proto string sha1_file(string filename [, bool raw_output])
119 Calculate the sha1 hash of given filename */
PHP_FUNCTION(sha1_file)120 PHP_FUNCTION(sha1_file)
121 {
122 char *arg;
123 size_t arg_len;
124 zend_bool raw_output = 0;
125 char sha1str[41];
126 unsigned char buf[1024];
127 unsigned char digest[20];
128 PHP_SHA1_CTX context;
129 int n;
130 php_stream *stream;
131
132 if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|b", &arg, &arg_len, &raw_output) == FAILURE) {
133 return;
134 }
135
136 stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
137 if (!stream) {
138 RETURN_FALSE;
139 }
140
141 PHP_SHA1Init(&context);
142
143 while ((n = php_stream_read(stream, buf, sizeof(buf))) > 0) {
144 PHP_SHA1Update(&context, buf, n);
145 }
146
147 PHP_SHA1Final(digest, &context);
148
149 php_stream_close(stream);
150
151 if (n<0) {
152 RETURN_FALSE;
153 }
154
155 if (raw_output) {
156 RETURN_STRINGL(digest, 20);
157 } else {
158 make_sha1_digest(sha1str, digest);
159 RETVAL_STRING(sha1str);
160 }
161 }
162 /* }}} */
163
164 /* F, G, H and I are basic SHA1 functions.
165 */
166 #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
167 #define G(x, y, z) ((x) ^ (y) ^ (z))
168 #define H(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
169 #define I(x, y, z) ((x) ^ (y) ^ (z))
170
171 /* ROTATE_LEFT rotates x left n bits.
172 */
173 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
174
175 /* W[i]
176 */
177 #define W(i) ( tmp=x[(i-3)&15]^x[(i-8)&15]^x[(i-14)&15]^x[i&15], \
178 (x[i&15]=ROTATE_LEFT(tmp, 1)) )
179
180 /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
181 */
182 #define FF(a, b, c, d, e, w) { \
183 (e) += F ((b), (c), (d)) + (w) + (uint32_t)(0x5A827999); \
184 (e) += ROTATE_LEFT ((a), 5); \
185 (b) = ROTATE_LEFT((b), 30); \
186 }
187 #define GG(a, b, c, d, e, w) { \
188 (e) += G ((b), (c), (d)) + (w) + (uint32_t)(0x6ED9EBA1); \
189 (e) += ROTATE_LEFT ((a), 5); \
190 (b) = ROTATE_LEFT((b), 30); \
191 }
192 #define HH(a, b, c, d, e, w) { \
193 (e) += H ((b), (c), (d)) + (w) + (uint32_t)(0x8F1BBCDC); \
194 (e) += ROTATE_LEFT ((a), 5); \
195 (b) = ROTATE_LEFT((b), 30); \
196 }
197 #define II(a, b, c, d, e, w) { \
198 (e) += I ((b), (c), (d)) + (w) + (uint32_t)(0xCA62C1D6); \
199 (e) += ROTATE_LEFT ((a), 5); \
200 (b) = ROTATE_LEFT((b), 30); \
201 }
202
203
204 /* {{{ PHP_SHA1Init
205 * SHA1 initialization. Begins an SHA1 operation, writing a new context.
206 */
PHP_SHA1Init(PHP_SHA1_CTX * context)207 PHP_HASH_API void PHP_SHA1Init(PHP_SHA1_CTX * context)
208 {
209 context->count[0] = context->count[1] = 0;
210 /* Load magic initialization constants.
211 */
212 context->state[0] = 0x67452301;
213 context->state[1] = 0xefcdab89;
214 context->state[2] = 0x98badcfe;
215 context->state[3] = 0x10325476;
216 context->state[4] = 0xc3d2e1f0;
217 }
218 /* }}} */
219
220 /* {{{ SHA1Transform
221 * SHA1 basic transformation. Transforms state based on block.
222 */
SHA1Transform(uint32_t state[5],const unsigned char block[64])223 static void SHA1Transform(uint32_t state[5], const unsigned char block[64])
224 {
225 uint32_t a = state[0], b = state[1], c = state[2];
226 uint32_t d = state[3], e = state[4], x[16], tmp;
227
228 SHADecode32(x, block, 64);
229
230 /* Round 1 */
231 FF(a, b, c, d, e, x[0]); /* 1 */
232 FF(e, a, b, c, d, x[1]); /* 2 */
233 FF(d, e, a, b, c, x[2]); /* 3 */
234 FF(c, d, e, a, b, x[3]); /* 4 */
235 FF(b, c, d, e, a, x[4]); /* 5 */
236 FF(a, b, c, d, e, x[5]); /* 6 */
237 FF(e, a, b, c, d, x[6]); /* 7 */
238 FF(d, e, a, b, c, x[7]); /* 8 */
239 FF(c, d, e, a, b, x[8]); /* 9 */
240 FF(b, c, d, e, a, x[9]); /* 10 */
241 FF(a, b, c, d, e, x[10]); /* 11 */
242 FF(e, a, b, c, d, x[11]); /* 12 */
243 FF(d, e, a, b, c, x[12]); /* 13 */
244 FF(c, d, e, a, b, x[13]); /* 14 */
245 FF(b, c, d, e, a, x[14]); /* 15 */
246 FF(a, b, c, d, e, x[15]); /* 16 */
247 FF(e, a, b, c, d, W(16)); /* 17 */
248 FF(d, e, a, b, c, W(17)); /* 18 */
249 FF(c, d, e, a, b, W(18)); /* 19 */
250 FF(b, c, d, e, a, W(19)); /* 20 */
251
252 /* Round 2 */
253 GG(a, b, c, d, e, W(20)); /* 21 */
254 GG(e, a, b, c, d, W(21)); /* 22 */
255 GG(d, e, a, b, c, W(22)); /* 23 */
256 GG(c, d, e, a, b, W(23)); /* 24 */
257 GG(b, c, d, e, a, W(24)); /* 25 */
258 GG(a, b, c, d, e, W(25)); /* 26 */
259 GG(e, a, b, c, d, W(26)); /* 27 */
260 GG(d, e, a, b, c, W(27)); /* 28 */
261 GG(c, d, e, a, b, W(28)); /* 29 */
262 GG(b, c, d, e, a, W(29)); /* 30 */
263 GG(a, b, c, d, e, W(30)); /* 31 */
264 GG(e, a, b, c, d, W(31)); /* 32 */
265 GG(d, e, a, b, c, W(32)); /* 33 */
266 GG(c, d, e, a, b, W(33)); /* 34 */
267 GG(b, c, d, e, a, W(34)); /* 35 */
268 GG(a, b, c, d, e, W(35)); /* 36 */
269 GG(e, a, b, c, d, W(36)); /* 37 */
270 GG(d, e, a, b, c, W(37)); /* 38 */
271 GG(c, d, e, a, b, W(38)); /* 39 */
272 GG(b, c, d, e, a, W(39)); /* 40 */
273
274 /* Round 3 */
275 HH(a, b, c, d, e, W(40)); /* 41 */
276 HH(e, a, b, c, d, W(41)); /* 42 */
277 HH(d, e, a, b, c, W(42)); /* 43 */
278 HH(c, d, e, a, b, W(43)); /* 44 */
279 HH(b, c, d, e, a, W(44)); /* 45 */
280 HH(a, b, c, d, e, W(45)); /* 46 */
281 HH(e, a, b, c, d, W(46)); /* 47 */
282 HH(d, e, a, b, c, W(47)); /* 48 */
283 HH(c, d, e, a, b, W(48)); /* 49 */
284 HH(b, c, d, e, a, W(49)); /* 50 */
285 HH(a, b, c, d, e, W(50)); /* 51 */
286 HH(e, a, b, c, d, W(51)); /* 52 */
287 HH(d, e, a, b, c, W(52)); /* 53 */
288 HH(c, d, e, a, b, W(53)); /* 54 */
289 HH(b, c, d, e, a, W(54)); /* 55 */
290 HH(a, b, c, d, e, W(55)); /* 56 */
291 HH(e, a, b, c, d, W(56)); /* 57 */
292 HH(d, e, a, b, c, W(57)); /* 58 */
293 HH(c, d, e, a, b, W(58)); /* 59 */
294 HH(b, c, d, e, a, W(59)); /* 60 */
295
296 /* Round 4 */
297 II(a, b, c, d, e, W(60)); /* 61 */
298 II(e, a, b, c, d, W(61)); /* 62 */
299 II(d, e, a, b, c, W(62)); /* 63 */
300 II(c, d, e, a, b, W(63)); /* 64 */
301 II(b, c, d, e, a, W(64)); /* 65 */
302 II(a, b, c, d, e, W(65)); /* 66 */
303 II(e, a, b, c, d, W(66)); /* 67 */
304 II(d, e, a, b, c, W(67)); /* 68 */
305 II(c, d, e, a, b, W(68)); /* 69 */
306 II(b, c, d, e, a, W(69)); /* 70 */
307 II(a, b, c, d, e, W(70)); /* 71 */
308 II(e, a, b, c, d, W(71)); /* 72 */
309 II(d, e, a, b, c, W(72)); /* 73 */
310 II(c, d, e, a, b, W(73)); /* 74 */
311 II(b, c, d, e, a, W(74)); /* 75 */
312 II(a, b, c, d, e, W(75)); /* 76 */
313 II(e, a, b, c, d, W(76)); /* 77 */
314 II(d, e, a, b, c, W(77)); /* 78 */
315 II(c, d, e, a, b, W(78)); /* 79 */
316 II(b, c, d, e, a, W(79)); /* 80 */
317
318 state[0] += a;
319 state[1] += b;
320 state[2] += c;
321 state[3] += d;
322 state[4] += e;
323
324 /* Zeroize sensitive information. */
325 ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
326 }
327 /* }}} */
328
329 /* {{{ PHP_SHA1Update
330 SHA1 block update operation. Continues an SHA1 message-digest
331 operation, processing another message block, and updating the
332 context.
333 */
PHP_SHA1Update(PHP_SHA1_CTX * context,const unsigned char * input,unsigned int inputLen)334 PHP_HASH_API void PHP_SHA1Update(PHP_SHA1_CTX * context, const unsigned char *input,
335 unsigned int inputLen)
336 {
337 unsigned int i, index, partLen;
338
339 /* Compute number of bytes mod 64 */
340 index = (unsigned int) ((context->count[0] >> 3) & 0x3F);
341
342 /* Update number of bits */
343 if ((context->count[0] += ((uint32_t) inputLen << 3))
344 < ((uint32_t) inputLen << 3))
345 context->count[1]++;
346 context->count[1] += ((uint32_t) inputLen >> 29);
347
348 partLen = 64 - index;
349
350 /* Transform as many times as possible.
351 */
352 if (inputLen >= partLen) {
353 memcpy
354 ((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
355 SHA1Transform(context->state, context->buffer);
356
357 for (i = partLen; i + 63 < inputLen; i += 64)
358 SHA1Transform(context->state, &input[i]);
359
360 index = 0;
361 } else
362 i = 0;
363
364 /* Buffer remaining input */
365 memcpy
366 ((unsigned char*) & context->buffer[index], (unsigned char*) & input[i],
367 inputLen - i);
368 }
369 /* }}} */
370
371 /* {{{ PHP_SHA1Final
372 SHA1 finalization. Ends an SHA1 message-digest operation, writing the
373 the message digest and zeroizing the context.
374 */
PHP_SHA1Final(unsigned char digest[20],PHP_SHA1_CTX * context)375 PHP_HASH_API void PHP_SHA1Final(unsigned char digest[20], PHP_SHA1_CTX * context)
376 {
377 unsigned char bits[8];
378 unsigned int index, padLen;
379
380 /* Save number of bits */
381 bits[7] = context->count[0] & 0xFF;
382 bits[6] = (context->count[0] >> 8) & 0xFF;
383 bits[5] = (context->count[0] >> 16) & 0xFF;
384 bits[4] = (context->count[0] >> 24) & 0xFF;
385 bits[3] = context->count[1] & 0xFF;
386 bits[2] = (context->count[1] >> 8) & 0xFF;
387 bits[1] = (context->count[1] >> 16) & 0xFF;
388 bits[0] = (context->count[1] >> 24) & 0xFF;
389
390 /* Pad out to 56 mod 64.
391 */
392 index = (unsigned int) ((context->count[0] >> 3) & 0x3f);
393 padLen = (index < 56) ? (56 - index) : (120 - index);
394 PHP_SHA1Update(context, PADDING, padLen);
395
396 /* Append length (before padding) */
397 PHP_SHA1Update(context, bits, 8);
398
399 /* Store state in digest */
400 SHAEncode32(digest, context->state, 20);
401
402 /* Zeroize sensitive information.
403 */
404 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
405 }
406 /* }}} */
407
408 #endif /* PHP_HASH_SHA1_NOT_IN_CORE */
409
410 /* sha224/sha256 */
411
412 const php_hash_ops php_hash_sha256_ops = {
413 (php_hash_init_func_t) PHP_SHA256Init,
414 (php_hash_update_func_t) PHP_SHA256Update,
415 (php_hash_final_func_t) PHP_SHA256Final,
416 (php_hash_copy_func_t) php_hash_copy,
417 32,
418 64,
419 sizeof(PHP_SHA256_CTX),
420 1
421 };
422
423 const php_hash_ops php_hash_sha224_ops = {
424 (php_hash_init_func_t) PHP_SHA224Init,
425 (php_hash_update_func_t) PHP_SHA224Update,
426 (php_hash_final_func_t) PHP_SHA224Final,
427 (php_hash_copy_func_t) php_hash_copy,
428 28,
429 64,
430 sizeof(PHP_SHA224_CTX),
431 1
432 };
433
434 #define ROTR32(b,x) ((x >> b) | (x << (32 - b)))
435 #define ROTR64(b,x) ((x >> b) | (x << (64 - b)))
436 #define SHR(b, x) (x >> b)
437
438 /* Ch */
439 #define SHA256_F0(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
440 /* Maj */
441 #define SHA256_F1(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
442 /* SUM0 */
443 #define SHA256_F2(x) (ROTR32( 2,(x)) ^ ROTR32(13,(x)) ^ ROTR32(22,(x)))
444 /* SUM1 */
445 #define SHA256_F3(x) (ROTR32( 6,(x)) ^ ROTR32(11,(x)) ^ ROTR32(25,(x)))
446 /* OM0 */
447 #define SHA256_F4(x) (ROTR32( 7,(x)) ^ ROTR32(18,(x)) ^ SHR( 3,(x)))
448 /* OM1 */
449 #define SHA256_F5(x) (ROTR32(17,(x)) ^ ROTR32(19,(x)) ^ SHR(10,(x)))
450
451 static const uint32_t SHA256_K[64] = {
452 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
453 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
454 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
455 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
456 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
457 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
458 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
459 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 };
460
461 /* {{{ PHP_SHA256Init
462 * SHA256 initialization. Begins an SHA256 operation, writing a new context.
463 */
PHP_SHA256Init(PHP_SHA256_CTX * context)464 PHP_HASH_API void PHP_SHA256Init(PHP_SHA256_CTX * context)
465 {
466 context->count[0] = context->count[1] = 0;
467 /* Load magic initialization constants.
468 */
469 context->state[0] = 0x6a09e667;
470 context->state[1] = 0xbb67ae85;
471 context->state[2] = 0x3c6ef372;
472 context->state[3] = 0xa54ff53a;
473 context->state[4] = 0x510e527f;
474 context->state[5] = 0x9b05688c;
475 context->state[6] = 0x1f83d9ab;
476 context->state[7] = 0x5be0cd19;
477 }
478 /* }}} */
479
480 /* {{{ SHA256Transform
481 * SHA256 basic transformation. Transforms state based on block.
482 */
SHA256Transform(uint32_t state[8],const unsigned char block[64])483 static void SHA256Transform(uint32_t state[8], const unsigned char block[64])
484 {
485 uint32_t a = state[0], b = state[1], c = state[2], d = state[3];
486 uint32_t e = state[4], f = state[5], g = state[6], h = state[7];
487 uint32_t x[16], T1, T2, W[64];
488 int i;
489
490 SHADecode32(x, block, 64);
491
492 /* Schedule */
493 for(i = 0; i < 16; i++) {
494 W[i] = x[i];
495 }
496 for(i = 16; i < 64; i++) {
497 W[i] = SHA256_F5(W[i-2]) + W[i-7] + SHA256_F4(W[i-15]) + W[i-16];
498 }
499
500 for (i = 0; i < 64; i++) {
501 T1 = h + SHA256_F3(e) + SHA256_F0(e,f,g) + SHA256_K[i] + W[i];
502 T2 = SHA256_F2(a) + SHA256_F1(a,b,c);
503 h = g; g = f; f = e; e = d + T1;
504 d = c; c = b; b = a; a = T1 + T2;
505 }
506
507 state[0] += a;
508 state[1] += b;
509 state[2] += c;
510 state[3] += d;
511 state[4] += e;
512 state[5] += f;
513 state[6] += g;
514 state[7] += h;
515
516 /* Zeroize sensitive information. */
517 ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
518 }
519 /* }}} */
520
521 /* {{{ PHP_SHA224Init
522 * SHA224 initialization. Begins an SHA224 operation, writing a new context.
523 */
PHP_SHA224Init(PHP_SHA224_CTX * context)524 PHP_HASH_API void PHP_SHA224Init(PHP_SHA224_CTX * context)
525 {
526 context->count[0] = context->count[1] = 0;
527 /* Load magic initialization constants.
528 */
529 context->state[0] = 0xc1059ed8;
530 context->state[1] = 0x367cd507;
531 context->state[2] = 0x3070dd17;
532 context->state[3] = 0xf70e5939;
533 context->state[4] = 0xffc00b31;
534 context->state[5] = 0x68581511;
535 context->state[6] = 0x64f98fa7;
536 context->state[7] = 0xbefa4fa4;
537 }
538 /* }}} */
539
540 /* {{{ PHP_SHA224Update
541 SHA224 block update operation. Continues an SHA224 message-digest
542 operation, processing another message block, and updating the
543 context.
544 */
PHP_SHA224Update(PHP_SHA224_CTX * context,const unsigned char * input,unsigned int inputLen)545 PHP_HASH_API void PHP_SHA224Update(PHP_SHA224_CTX * context, const unsigned char *input, unsigned int inputLen)
546 {
547 unsigned int i, index, partLen;
548
549 /* Compute number of bytes mod 64 */
550 index = (unsigned int) ((context->count[0] >> 3) & 0x3F);
551
552 /* Update number of bits */
553 if ((context->count[0] += ((uint32_t) inputLen << 3)) < ((uint32_t) inputLen << 3)) {
554 context->count[1]++;
555 }
556 context->count[1] += ((uint32_t) inputLen >> 29);
557
558 partLen = 64 - index;
559
560 /* Transform as many times as possible.
561 */
562 if (inputLen >= partLen) {
563 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
564 SHA256Transform(context->state, context->buffer);
565
566 for (i = partLen; i + 63 < inputLen; i += 64) {
567 SHA256Transform(context->state, &input[i]);
568 }
569
570 index = 0;
571 } else {
572 i = 0;
573 }
574
575 /* Buffer remaining input */
576 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i);
577 }
578 /* }}} */
579
580 /* {{{ PHP_SHA224Final
581 SHA224 finalization. Ends an SHA224 message-digest operation, writing the
582 the message digest and zeroizing the context.
583 */
PHP_SHA224Final(unsigned char digest[28],PHP_SHA224_CTX * context)584 PHP_HASH_API void PHP_SHA224Final(unsigned char digest[28], PHP_SHA224_CTX * context)
585 {
586 unsigned char bits[8];
587 unsigned int index, padLen;
588
589 /* Save number of bits */
590 bits[7] = (unsigned char) (context->count[0] & 0xFF);
591 bits[6] = (unsigned char) ((context->count[0] >> 8) & 0xFF);
592 bits[5] = (unsigned char) ((context->count[0] >> 16) & 0xFF);
593 bits[4] = (unsigned char) ((context->count[0] >> 24) & 0xFF);
594 bits[3] = (unsigned char) (context->count[1] & 0xFF);
595 bits[2] = (unsigned char) ((context->count[1] >> 8) & 0xFF);
596 bits[1] = (unsigned char) ((context->count[1] >> 16) & 0xFF);
597 bits[0] = (unsigned char) ((context->count[1] >> 24) & 0xFF);
598
599 /* Pad out to 56 mod 64.
600 */
601 index = (unsigned int) ((context->count[0] >> 3) & 0x3f);
602 padLen = (index < 56) ? (56 - index) : (120 - index);
603 PHP_SHA224Update(context, PADDING, padLen);
604
605 /* Append length (before padding) */
606 PHP_SHA224Update(context, bits, 8);
607
608 /* Store state in digest */
609 SHAEncode32(digest, context->state, 28);
610
611 /* Zeroize sensitive information.
612 */
613 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
614 }
615 /* }}} */
616
617 /* {{{ PHP_SHA256Update
618 SHA256 block update operation. Continues an SHA256 message-digest
619 operation, processing another message block, and updating the
620 context.
621 */
PHP_SHA256Update(PHP_SHA256_CTX * context,const unsigned char * input,unsigned int inputLen)622 PHP_HASH_API void PHP_SHA256Update(PHP_SHA256_CTX * context, const unsigned char *input, unsigned int inputLen)
623 {
624 unsigned int i, index, partLen;
625
626 /* Compute number of bytes mod 64 */
627 index = (unsigned int) ((context->count[0] >> 3) & 0x3F);
628
629 /* Update number of bits */
630 if ((context->count[0] += ((uint32_t) inputLen << 3)) < ((uint32_t) inputLen << 3)) {
631 context->count[1]++;
632 }
633 context->count[1] += ((uint32_t) inputLen >> 29);
634
635 partLen = 64 - index;
636
637 /* Transform as many times as possible.
638 */
639 if (inputLen >= partLen) {
640 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
641 SHA256Transform(context->state, context->buffer);
642
643 for (i = partLen; i + 63 < inputLen; i += 64) {
644 SHA256Transform(context->state, &input[i]);
645 }
646
647 index = 0;
648 } else {
649 i = 0;
650 }
651
652 /* Buffer remaining input */
653 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i);
654 }
655 /* }}} */
656
657 /* {{{ PHP_SHA256Final
658 SHA256 finalization. Ends an SHA256 message-digest operation, writing the
659 the message digest and zeroizing the context.
660 */
PHP_SHA256Final(unsigned char digest[32],PHP_SHA256_CTX * context)661 PHP_HASH_API void PHP_SHA256Final(unsigned char digest[32], PHP_SHA256_CTX * context)
662 {
663 unsigned char bits[8];
664 unsigned int index, padLen;
665
666 /* Save number of bits */
667 bits[7] = (unsigned char) (context->count[0] & 0xFF);
668 bits[6] = (unsigned char) ((context->count[0] >> 8) & 0xFF);
669 bits[5] = (unsigned char) ((context->count[0] >> 16) & 0xFF);
670 bits[4] = (unsigned char) ((context->count[0] >> 24) & 0xFF);
671 bits[3] = (unsigned char) (context->count[1] & 0xFF);
672 bits[2] = (unsigned char) ((context->count[1] >> 8) & 0xFF);
673 bits[1] = (unsigned char) ((context->count[1] >> 16) & 0xFF);
674 bits[0] = (unsigned char) ((context->count[1] >> 24) & 0xFF);
675
676 /* Pad out to 56 mod 64.
677 */
678 index = (unsigned int) ((context->count[0] >> 3) & 0x3f);
679 padLen = (index < 56) ? (56 - index) : (120 - index);
680 PHP_SHA256Update(context, PADDING, padLen);
681
682 /* Append length (before padding) */
683 PHP_SHA256Update(context, bits, 8);
684
685 /* Store state in digest */
686 SHAEncode32(digest, context->state, 32);
687
688 /* Zeroize sensitive information.
689 */
690 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
691 }
692 /* }}} */
693
694 /* sha384/sha512 */
695
696 /* Ch */
697 #define SHA512_F0(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
698 /* Maj */
699 #define SHA512_F1(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
700 /* SUM0 */
701 #define SHA512_F2(x) (ROTR64(28, x) ^ ROTR64(34, x) ^ ROTR64(39, x))
702 /* SUM1 */
703 #define SHA512_F3(x) (ROTR64(14, x) ^ ROTR64(18, x) ^ ROTR64(41, x))
704 /* OM0 */
705 #define SHA512_F4(x) (ROTR64( 1, x) ^ ROTR64( 8, x) ^ SHR(7, x))
706 /* OM1 */
707 #define SHA512_F5(x) (ROTR64(19, x) ^ ROTR64(61, x) ^ SHR(6, x))
708
709 static const uint64_t SHA512_K[128] = {
710 L64(0x428a2f98d728ae22), L64(0x7137449123ef65cd), L64(0xb5c0fbcfec4d3b2f), L64(0xe9b5dba58189dbbc),
711 L64(0x3956c25bf348b538), L64(0x59f111f1b605d019), L64(0x923f82a4af194f9b), L64(0xab1c5ed5da6d8118),
712 L64(0xd807aa98a3030242), L64(0x12835b0145706fbe), L64(0x243185be4ee4b28c), L64(0x550c7dc3d5ffb4e2),
713 L64(0x72be5d74f27b896f), L64(0x80deb1fe3b1696b1), L64(0x9bdc06a725c71235), L64(0xc19bf174cf692694),
714 L64(0xe49b69c19ef14ad2), L64(0xefbe4786384f25e3), L64(0x0fc19dc68b8cd5b5), L64(0x240ca1cc77ac9c65),
715 L64(0x2de92c6f592b0275), L64(0x4a7484aa6ea6e483), L64(0x5cb0a9dcbd41fbd4), L64(0x76f988da831153b5),
716 L64(0x983e5152ee66dfab), L64(0xa831c66d2db43210), L64(0xb00327c898fb213f), L64(0xbf597fc7beef0ee4),
717 L64(0xc6e00bf33da88fc2), L64(0xd5a79147930aa725), L64(0x06ca6351e003826f), L64(0x142929670a0e6e70),
718 L64(0x27b70a8546d22ffc), L64(0x2e1b21385c26c926), L64(0x4d2c6dfc5ac42aed), L64(0x53380d139d95b3df),
719 L64(0x650a73548baf63de), L64(0x766a0abb3c77b2a8), L64(0x81c2c92e47edaee6), L64(0x92722c851482353b),
720 L64(0xa2bfe8a14cf10364), L64(0xa81a664bbc423001), L64(0xc24b8b70d0f89791), L64(0xc76c51a30654be30),
721 L64(0xd192e819d6ef5218), L64(0xd69906245565a910), L64(0xf40e35855771202a), L64(0x106aa07032bbd1b8),
722 L64(0x19a4c116b8d2d0c8), L64(0x1e376c085141ab53), L64(0x2748774cdf8eeb99), L64(0x34b0bcb5e19b48a8),
723 L64(0x391c0cb3c5c95a63), L64(0x4ed8aa4ae3418acb), L64(0x5b9cca4f7763e373), L64(0x682e6ff3d6b2b8a3),
724 L64(0x748f82ee5defb2fc), L64(0x78a5636f43172f60), L64(0x84c87814a1f0ab72), L64(0x8cc702081a6439ec),
725 L64(0x90befffa23631e28), L64(0xa4506cebde82bde9), L64(0xbef9a3f7b2c67915), L64(0xc67178f2e372532b),
726 L64(0xca273eceea26619c), L64(0xd186b8c721c0c207), L64(0xeada7dd6cde0eb1e), L64(0xf57d4f7fee6ed178),
727 L64(0x06f067aa72176fba), L64(0x0a637dc5a2c898a6), L64(0x113f9804bef90dae), L64(0x1b710b35131c471b),
728 L64(0x28db77f523047d84), L64(0x32caab7b40c72493), L64(0x3c9ebe0a15c9bebc), L64(0x431d67c49c100d4c),
729 L64(0x4cc5d4becb3e42b6), L64(0x597f299cfc657e2a), L64(0x5fcb6fab3ad6faec), L64(0x6c44198c4a475817) };
730
731 /* {{{ SHAEncode64
732 Encodes input (uint64_t) into output (unsigned char). Assumes len is
733 a multiple of 8.
734 */
SHAEncode64(unsigned char * output,uint64_t * input,unsigned int len)735 static void SHAEncode64(unsigned char *output, uint64_t *input, unsigned int len)
736 {
737 unsigned int i, j;
738
739 for (i = 0, j = 0; j < len; i++, j += 8) {
740 output[j] = (unsigned char) ((input[i] >> 56) & 0xff);
741 output[j + 1] = (unsigned char) ((input[i] >> 48) & 0xff);
742 output[j + 2] = (unsigned char) ((input[i] >> 40) & 0xff);
743 output[j + 3] = (unsigned char) ((input[i] >> 32) & 0xff);
744 output[j + 4] = (unsigned char) ((input[i] >> 24) & 0xff);
745 output[j + 5] = (unsigned char) ((input[i] >> 16) & 0xff);
746 output[j + 6] = (unsigned char) ((input[i] >> 8) & 0xff);
747 output[j + 7] = (unsigned char) (input[i] & 0xff);
748 }
749 }
750 /* }}} */
751
752
753 /* {{{ SHADecode64
754 Decodes input (unsigned char) into output (uint64_t). Assumes len is
755 a multiple of 8.
756 */
SHADecode64(uint64_t * output,const unsigned char * input,unsigned int len)757 static void SHADecode64(uint64_t *output, const unsigned char *input, unsigned int len)
758 {
759 unsigned int i, j;
760
761 for (i = 0, j = 0; j < len; i++, j += 8)
762 output[i] =
763 ((uint64_t) input[j + 7]) | (((uint64_t) input[j + 6]) << 8) |
764 (((uint64_t) input[j + 5]) << 16) | (((uint64_t) input[j + 4]) << 24) |
765 (((uint64_t) input[j + 3]) << 32) | (((uint64_t) input[j + 2]) << 40) |
766 (((uint64_t) input[j + 1]) << 48) | (((uint64_t) input[j]) << 56);
767 }
768 /* }}} */
769
770 /* {{{ PHP_SHA384Init
771 * SHA384 initialization. Begins an SHA384 operation, writing a new context.
772 */
PHP_SHA384Init(PHP_SHA384_CTX * context)773 PHP_HASH_API void PHP_SHA384Init(PHP_SHA384_CTX * context)
774 {
775 context->count[0] = context->count[1] = 0;
776 /* Load magic initialization constants.
777 */
778 context->state[0] = L64(0xcbbb9d5dc1059ed8);
779 context->state[1] = L64(0x629a292a367cd507);
780 context->state[2] = L64(0x9159015a3070dd17);
781 context->state[3] = L64(0x152fecd8f70e5939);
782 context->state[4] = L64(0x67332667ffc00b31);
783 context->state[5] = L64(0x8eb44a8768581511);
784 context->state[6] = L64(0xdb0c2e0d64f98fa7);
785 context->state[7] = L64(0x47b5481dbefa4fa4);
786 }
787 /* }}} */
788
789 /* {{{ SHA512Transform
790 * SHA512 basic transformation. Transforms state based on block.
791 * SHA384 uses the exact same algorithm
792 */
SHA512Transform(uint64_t state[8],const unsigned char block[128])793 static void SHA512Transform(uint64_t state[8], const unsigned char block[128])
794 {
795 uint64_t a = state[0], b = state[1], c = state[2], d = state[3];
796 uint64_t e = state[4], f = state[5], g = state[6], h = state[7];
797 uint64_t x[16], T1, T2, W[80];
798 int i;
799
800 SHADecode64(x, block, 128);
801
802 /* Schedule */
803 for(i = 0; i < 16; i++) {
804 W[i] = x[i];
805 }
806 for(i = 16; i < 80; i++) {
807 W[i] = SHA512_F5(W[i-2]) + W[i-7] + SHA512_F4(W[i-15]) + W[i-16];
808 }
809
810 for (i = 0; i < 80; i++) {
811 T1 = h + SHA512_F3(e) + SHA512_F0(e,f,g) + SHA512_K[i] + W[i];
812 T2 = SHA512_F2(a) + SHA512_F1(a,b,c);
813 h = g; g = f; f = e; e = d + T1;
814 d = c; c = b; b = a; a = T1 + T2;
815 }
816
817 state[0] += a;
818 state[1] += b;
819 state[2] += c;
820 state[3] += d;
821 state[4] += e;
822 state[5] += f;
823 state[6] += g;
824 state[7] += h;
825
826 /* Zeroize sensitive information. */
827 ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
828 }
829 /* }}} */
830
831 /* {{{ PHP_SHA384Update
832 SHA384 block update operation. Continues an SHA384 message-digest
833 operation, processing another message block, and updating the
834 context.
835 */
PHP_SHA384Update(PHP_SHA384_CTX * context,const unsigned char * input,unsigned int inputLen)836 PHP_HASH_API void PHP_SHA384Update(PHP_SHA384_CTX * context, const unsigned char *input, unsigned int inputLen)
837 {
838 unsigned int i, index, partLen;
839
840 /* Compute number of bytes mod 128 */
841 index = (unsigned int) ((context->count[0] >> 3) & 0x7F);
842
843 /* Update number of bits */
844 if ((context->count[0] += ((uint64_t) inputLen << 3)) < ((uint64_t) inputLen << 3)) {
845 context->count[1]++;
846 }
847 context->count[1] += ((uint64_t) inputLen >> 61);
848
849 partLen = 128 - index;
850
851 /* Transform as many times as possible.
852 */
853 if (inputLen >= partLen) {
854 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
855 SHA512Transform(context->state, context->buffer);
856
857 for (i = partLen; i + 127 < inputLen; i += 128) {
858 SHA512Transform(context->state, &input[i]);
859 }
860
861 index = 0;
862 } else {
863 i = 0;
864 }
865
866 /* Buffer remaining input */
867 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i);
868 }
869 /* }}} */
870
871 /* {{{ PHP_SHA384Final
872 SHA384 finalization. Ends an SHA384 message-digest operation, writing the
873 the message digest and zeroizing the context.
874 */
PHP_SHA384Final(unsigned char digest[48],PHP_SHA384_CTX * context)875 PHP_HASH_API void PHP_SHA384Final(unsigned char digest[48], PHP_SHA384_CTX * context)
876 {
877 unsigned char bits[16];
878 unsigned int index, padLen;
879
880 /* Save number of bits */
881 bits[15] = (unsigned char) (context->count[0] & 0xFF);
882 bits[14] = (unsigned char) ((context->count[0] >> 8) & 0xFF);
883 bits[13] = (unsigned char) ((context->count[0] >> 16) & 0xFF);
884 bits[12] = (unsigned char) ((context->count[0] >> 24) & 0xFF);
885 bits[11] = (unsigned char) ((context->count[0] >> 32) & 0xFF);
886 bits[10] = (unsigned char) ((context->count[0] >> 40) & 0xFF);
887 bits[9] = (unsigned char) ((context->count[0] >> 48) & 0xFF);
888 bits[8] = (unsigned char) ((context->count[0] >> 56) & 0xFF);
889 bits[7] = (unsigned char) (context->count[1] & 0xFF);
890 bits[6] = (unsigned char) ((context->count[1] >> 8) & 0xFF);
891 bits[5] = (unsigned char) ((context->count[1] >> 16) & 0xFF);
892 bits[4] = (unsigned char) ((context->count[1] >> 24) & 0xFF);
893 bits[3] = (unsigned char) ((context->count[1] >> 32) & 0xFF);
894 bits[2] = (unsigned char) ((context->count[1] >> 40) & 0xFF);
895 bits[1] = (unsigned char) ((context->count[1] >> 48) & 0xFF);
896 bits[0] = (unsigned char) ((context->count[1] >> 56) & 0xFF);
897
898 /* Pad out to 112 mod 128.
899 */
900 index = (unsigned int) ((context->count[0] >> 3) & 0x7f);
901 padLen = (index < 112) ? (112 - index) : (240 - index);
902 PHP_SHA384Update(context, PADDING, padLen);
903
904 /* Append length (before padding) */
905 PHP_SHA384Update(context, bits, 16);
906
907 /* Store state in digest */
908 SHAEncode64(digest, context->state, 48);
909
910 /* Zeroize sensitive information.
911 */
912 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
913 }
914 /* }}} */
915
916 const php_hash_ops php_hash_sha384_ops = {
917 (php_hash_init_func_t) PHP_SHA384Init,
918 (php_hash_update_func_t) PHP_SHA384Update,
919 (php_hash_final_func_t) PHP_SHA384Final,
920 (php_hash_copy_func_t) php_hash_copy,
921 48,
922 128,
923 sizeof(PHP_SHA384_CTX),
924 1
925 };
926
927 /* {{{ PHP_SHA512Init
928 * SHA512 initialization. Begins an SHA512 operation, writing a new context.
929 */
PHP_SHA512Init(PHP_SHA512_CTX * context)930 PHP_HASH_API void PHP_SHA512Init(PHP_SHA512_CTX * context)
931 {
932 context->count[0] = context->count[1] = 0;
933 /* Load magic initialization constants.
934 */
935 context->state[0] = L64(0x6a09e667f3bcc908);
936 context->state[1] = L64(0xbb67ae8584caa73b);
937 context->state[2] = L64(0x3c6ef372fe94f82b);
938 context->state[3] = L64(0xa54ff53a5f1d36f1);
939 context->state[4] = L64(0x510e527fade682d1);
940 context->state[5] = L64(0x9b05688c2b3e6c1f);
941 context->state[6] = L64(0x1f83d9abfb41bd6b);
942 context->state[7] = L64(0x5be0cd19137e2179);
943 }
944 /* }}} */
945
946 /* {{{ PHP_SHA512_256Init
947 * SHA512/245 initialization. Identical algorithm to SHA512, using alternate initval and truncation
948 */
PHP_SHA512_256Init(PHP_SHA512_CTX * context)949 PHP_HASH_API void PHP_SHA512_256Init(PHP_SHA512_CTX * context)
950 {
951 context->count[0] = context->count[1] = 0;
952
953 context->state[0] = L64(0x22312194FC2BF72C);
954 context->state[1] = L64(0x9F555FA3C84C64C2);
955 context->state[2] = L64(0x2393B86B6F53B151);
956 context->state[3] = L64(0x963877195940EABD);
957 context->state[4] = L64(0x96283EE2A88EFFE3);
958 context->state[5] = L64(0xBE5E1E2553863992);
959 context->state[6] = L64(0x2B0199FC2C85B8AA);
960 context->state[7] = L64(0x0EB72DDC81C52CA2);
961 }
962 /* }}} */
963
964 /* {{{ PHP_SHA512_224Init
965 * SHA512/224 initialization. Identical algorithm to SHA512, using alternate initval and truncation
966 */
PHP_SHA512_224Init(PHP_SHA512_CTX * context)967 PHP_HASH_API void PHP_SHA512_224Init(PHP_SHA512_CTX * context)
968 {
969 context->count[0] = context->count[1] = 0;
970
971 context->state[0] = L64(0x8C3D37C819544DA2);
972 context->state[1] = L64(0x73E1996689DCD4D6);
973 context->state[2] = L64(0x1DFAB7AE32FF9C82);
974 context->state[3] = L64(0x679DD514582F9FCF);
975 context->state[4] = L64(0x0F6D2B697BD44DA8);
976 context->state[5] = L64(0x77E36F7304C48942);
977 context->state[6] = L64(0x3F9D85A86A1D36C8);
978 context->state[7] = L64(0x1112E6AD91D692A1);
979 }
980 /* }}} */
981
982 /* {{{ PHP_SHA512Update
983 SHA512 block update operation. Continues an SHA512 message-digest
984 operation, processing another message block, and updating the
985 context.
986 */
PHP_SHA512Update(PHP_SHA512_CTX * context,const unsigned char * input,unsigned int inputLen)987 PHP_HASH_API void PHP_SHA512Update(PHP_SHA512_CTX * context, const unsigned char *input, unsigned int inputLen)
988 {
989 unsigned int i, index, partLen;
990
991 /* Compute number of bytes mod 128 */
992 index = (unsigned int) ((context->count[0] >> 3) & 0x7F);
993
994 /* Update number of bits */
995 if ((context->count[0] += ((uint64_t) inputLen << 3)) < ((uint64_t) inputLen << 3)) {
996 context->count[1]++;
997 }
998 context->count[1] += ((uint64_t) inputLen >> 61);
999
1000 partLen = 128 - index;
1001
1002 /* Transform as many times as possible.
1003 */
1004 if (inputLen >= partLen) {
1005 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
1006 SHA512Transform(context->state, context->buffer);
1007
1008 for (i = partLen; i + 127 < inputLen; i += 128) {
1009 SHA512Transform(context->state, &input[i]);
1010 }
1011
1012 index = 0;
1013 } else {
1014 i = 0;
1015 }
1016
1017 /* Buffer remaining input */
1018 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i);
1019 }
1020 /* }}} */
1021
1022 /* {{{ PHP_SHA512Final
1023 SHA512 finalization. Ends an SHA512 message-digest operation, writing the
1024 the message digest and zeroizing the context.
1025 */
PHP_SHA512Final(unsigned char digest[64],PHP_SHA512_CTX * context)1026 PHP_HASH_API void PHP_SHA512Final(unsigned char digest[64], PHP_SHA512_CTX * context)
1027 {
1028 unsigned char bits[16];
1029 unsigned int index, padLen;
1030
1031 /* Save number of bits */
1032 bits[15] = (unsigned char) (context->count[0] & 0xFF);
1033 bits[14] = (unsigned char) ((context->count[0] >> 8) & 0xFF);
1034 bits[13] = (unsigned char) ((context->count[0] >> 16) & 0xFF);
1035 bits[12] = (unsigned char) ((context->count[0] >> 24) & 0xFF);
1036 bits[11] = (unsigned char) ((context->count[0] >> 32) & 0xFF);
1037 bits[10] = (unsigned char) ((context->count[0] >> 40) & 0xFF);
1038 bits[9] = (unsigned char) ((context->count[0] >> 48) & 0xFF);
1039 bits[8] = (unsigned char) ((context->count[0] >> 56) & 0xFF);
1040 bits[7] = (unsigned char) (context->count[1] & 0xFF);
1041 bits[6] = (unsigned char) ((context->count[1] >> 8) & 0xFF);
1042 bits[5] = (unsigned char) ((context->count[1] >> 16) & 0xFF);
1043 bits[4] = (unsigned char) ((context->count[1] >> 24) & 0xFF);
1044 bits[3] = (unsigned char) ((context->count[1] >> 32) & 0xFF);
1045 bits[2] = (unsigned char) ((context->count[1] >> 40) & 0xFF);
1046 bits[1] = (unsigned char) ((context->count[1] >> 48) & 0xFF);
1047 bits[0] = (unsigned char) ((context->count[1] >> 56) & 0xFF);
1048
1049 /* Pad out to 112 mod 128.
1050 */
1051 index = (unsigned int) ((context->count[0] >> 3) & 0x7f);
1052 padLen = (index < 112) ? (112 - index) : (240 - index);
1053 PHP_SHA512Update(context, PADDING, padLen);
1054
1055 /* Append length (before padding) */
1056 PHP_SHA512Update(context, bits, 16);
1057
1058 /* Store state in digest */
1059 SHAEncode64(digest, context->state, 64);
1060
1061 /* Zeroize sensitive information.
1062 */
1063 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
1064 }
1065 /* }}} */
1066
1067 /* {{{ PHP_SHA512_256Final
1068 SHA512/256 finalization. Identical to SHA512Final, but with truncation
1069 */
PHP_SHA512_256Final(unsigned char digest[32],PHP_SHA512_CTX * context)1070 PHP_HASH_API void PHP_SHA512_256Final(unsigned char digest[32], PHP_SHA512_CTX * context)
1071 {
1072 unsigned char full_digest[64];
1073 PHP_SHA512Final(full_digest, context);
1074 memcpy(digest, full_digest, 32);
1075 }
1076 /* }}} */
1077
1078 /* {{{ PHP_SHA512_224Final
1079 SHA512/224 finalization. Identical to SHA512Final, but with truncation
1080 */
PHP_SHA512_224Final(unsigned char digest[28],PHP_SHA512_CTX * context)1081 PHP_HASH_API void PHP_SHA512_224Final(unsigned char digest[28], PHP_SHA512_CTX * context)
1082 {
1083 unsigned char full_digest[64];
1084 PHP_SHA512Final(full_digest, context);
1085 memcpy(digest, full_digest, 28);
1086 }
1087 /* }}} */
1088
1089 const php_hash_ops php_hash_sha512_ops = {
1090 (php_hash_init_func_t) PHP_SHA512Init,
1091 (php_hash_update_func_t) PHP_SHA512Update,
1092 (php_hash_final_func_t) PHP_SHA512Final,
1093 (php_hash_copy_func_t) php_hash_copy,
1094 64,
1095 128,
1096 sizeof(PHP_SHA512_CTX),
1097 1
1098 };
1099
1100 const php_hash_ops php_hash_sha512_256_ops = {
1101 (php_hash_init_func_t) PHP_SHA512_256Init,
1102 (php_hash_update_func_t) PHP_SHA512_256Update,
1103 (php_hash_final_func_t) PHP_SHA512_256Final,
1104 (php_hash_copy_func_t) php_hash_copy,
1105 32,
1106 128,
1107 sizeof(PHP_SHA512_CTX),
1108 1
1109 };
1110
1111 const php_hash_ops php_hash_sha512_224_ops = {
1112 (php_hash_init_func_t) PHP_SHA512_224Init,
1113 (php_hash_update_func_t) PHP_SHA512_224Update,
1114 (php_hash_final_func_t) PHP_SHA512_224Final,
1115 (php_hash_copy_func_t) php_hash_copy,
1116 28,
1117 128,
1118 sizeof(PHP_SHA512_CTX),
1119 1
1120 };
1121
1122 /*
1123 * Local variables:
1124 * tab-width: 4
1125 * c-basic-offset: 4
1126 * End:
1127 * vim600: sw=4 ts=4 fdm=marker
1128 * vim<600: sw=4 ts=4
1129 */
1130
