1 /*
2 +----------------------------------------------------------------------+
3 | PHP Version 7 |
4 +----------------------------------------------------------------------+
5 | Copyright (c) The PHP Group |
6 +----------------------------------------------------------------------+
7 | This source file is subject to version 3.01 of the PHP license, |
8 | that is bundled with this package in the file LICENSE, and is |
9 | available through the world-wide-web at the following url: |
10 | http://www.php.net/license/3_01.txt |
11 | If you did not receive a copy of the PHP license and are unable to |
12 | obtain it through the world-wide-web, please send a note to |
13 | license@php.net so we can mail you a copy immediately. |
14 +----------------------------------------------------------------------+
15 | Authors: Steffan Esser <sesser@php.net> |
16 | Sara Golemon <pollita@php.net> |
17 +----------------------------------------------------------------------+
18 */
19
20 #include "php_hash.h"
21 #include "php_hash_sha.h"
22
23 static const unsigned char PADDING[128] =
24 {
25 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
26 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
27 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
28 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
29 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
30 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
31 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
32 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
33 };
34
35 /* {{{ SHAEncode32
36 Encodes input (uint32_t) into output (unsigned char). Assumes len is
37 a multiple of 4.
38 */
SHAEncode32(unsigned char * output,uint32_t * input,unsigned int len)39 static void SHAEncode32(unsigned char *output, uint32_t *input, unsigned int len)
40 {
41 unsigned int i, j;
42
43 for (i = 0, j = 0; j < len; i++, j += 4) {
44 output[j] = (unsigned char) ((input[i] >> 24) & 0xff);
45 output[j + 1] = (unsigned char) ((input[i] >> 16) & 0xff);
46 output[j + 2] = (unsigned char) ((input[i] >> 8) & 0xff);
47 output[j + 3] = (unsigned char) (input[i] & 0xff);
48 }
49 }
50 /* }}} */
51
52
53 /* {{{ SHADecode32
54 Decodes input (unsigned char) into output (uint32_t). Assumes len is
55 a multiple of 4.
56 */
SHADecode32(uint32_t * output,const unsigned char * input,unsigned int len)57 static void SHADecode32(uint32_t *output, const unsigned char *input, unsigned int len)
58 {
59 unsigned int i, j;
60
61 for (i = 0, j = 0; j < len; i++, j += 4)
62 output[i] = ((uint32_t) input[j + 3]) | (((uint32_t) input[j + 2]) << 8) |
63 (((uint32_t) input[j + 1]) << 16) | (((uint32_t) input[j]) << 24);
64 }
65 /* }}} */
66
67 const php_hash_ops php_hash_sha1_ops = {
68 (php_hash_init_func_t) PHP_SHA1Init,
69 (php_hash_update_func_t) PHP_SHA1Update,
70 (php_hash_final_func_t) PHP_SHA1Final,
71 (php_hash_copy_func_t) php_hash_copy,
72 20,
73 64,
74 sizeof(PHP_SHA1_CTX),
75 1
76 };
77
78 #ifdef PHP_HASH_SHA1_NOT_IN_CORE
79
make_sha1_digest(char * sha1str,unsigned char * digest)80 PHP_HASH_API void make_sha1_digest(char *sha1str, unsigned char *digest)
81 {
82 php_hash_bin2hex(sha1str, digest, 20);
83 sha1str[40] = '\0';
84 }
85
86 /* {{{ proto string sha1(string str [, bool raw_output])
87 Calculate the sha1 hash of a string */
PHP_FUNCTION(sha1)88 PHP_FUNCTION(sha1)
89 {
90 char *arg;
91 size_t arg_len;
92 zend_bool raw_output = 0;
93 PHP_SHA1_CTX context;
94 unsigned char digest[20];
95
96 if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|b", &arg, &arg_len, &raw_output) == FAILURE) {
97 return;
98 }
99
100 PHP_SHA1Init(&context);
101 PHP_SHA1Update(&context, arg, arg_len);
102 PHP_SHA1Final(digest, &context);
103 if (raw_output) {
104 RETURN_STRINGL(digest, 20);
105 } else {
106 RETVAL_NEW_STR(zend_string_alloc(40, 0));
107 make_sha1_digest(Z_STRVAL_P(return_value), digest);
108 }
109
110 }
111
112 /* }}} */
113
114 /* {{{ proto string sha1_file(string filename [, bool raw_output])
115 Calculate the sha1 hash of given filename */
PHP_FUNCTION(sha1_file)116 PHP_FUNCTION(sha1_file)
117 {
118 char *arg;
119 size_t arg_len;
120 zend_bool raw_output = 0;
121 unsigned char buf[1024];
122 unsigned char digest[20];
123 PHP_SHA1_CTX context;
124 int n;
125 php_stream *stream;
126
127 if (zend_parse_parameters(ZEND_NUM_ARGS(), "p|b", &arg, &arg_len, &raw_output) == FAILURE) {
128 return;
129 }
130
131 stream = php_stream_open_wrapper(arg, "rb", REPORT_ERRORS, NULL);
132 if (!stream) {
133 RETURN_FALSE;
134 }
135
136 PHP_SHA1Init(&context);
137
138 while ((n = php_stream_read(stream, buf, sizeof(buf))) > 0) {
139 PHP_SHA1Update(&context, buf, n);
140 }
141
142 PHP_SHA1Final(digest, &context);
143
144 php_stream_close(stream);
145
146 if (n<0) {
147 RETURN_FALSE;
148 }
149
150 if (raw_output) {
151 RETURN_STRINGL(digest, 20);
152 } else {
153 RETVAL_NEW_STR(zend_string_alloc(40, 0));
154 make_sha1_digest(Z_STRVAL_P(return_value), digest);
155 }
156 }
157 /* }}} */
158
159 /* F, G, H and I are basic SHA1 functions.
160 */
161 #define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
162 #define G(x, y, z) ((x) ^ (y) ^ (z))
163 #define H(x, y, z) (((x) & (y)) | ((z) & ((x) | (y))))
164 #define I(x, y, z) ((x) ^ (y) ^ (z))
165
166 /* ROTATE_LEFT rotates x left n bits.
167 */
168 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
169
170 /* W[i]
171 */
172 #define W(i) ( tmp=x[(i-3)&15]^x[(i-8)&15]^x[(i-14)&15]^x[i&15], \
173 (x[i&15]=ROTATE_LEFT(tmp, 1)) )
174
175 /* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
176 */
177 #define FF(a, b, c, d, e, w) { \
178 (e) += F ((b), (c), (d)) + (w) + (uint32_t)(0x5A827999); \
179 (e) += ROTATE_LEFT ((a), 5); \
180 (b) = ROTATE_LEFT((b), 30); \
181 }
182 #define GG(a, b, c, d, e, w) { \
183 (e) += G ((b), (c), (d)) + (w) + (uint32_t)(0x6ED9EBA1); \
184 (e) += ROTATE_LEFT ((a), 5); \
185 (b) = ROTATE_LEFT((b), 30); \
186 }
187 #define HH(a, b, c, d, e, w) { \
188 (e) += H ((b), (c), (d)) + (w) + (uint32_t)(0x8F1BBCDC); \
189 (e) += ROTATE_LEFT ((a), 5); \
190 (b) = ROTATE_LEFT((b), 30); \
191 }
192 #define II(a, b, c, d, e, w) { \
193 (e) += I ((b), (c), (d)) + (w) + (uint32_t)(0xCA62C1D6); \
194 (e) += ROTATE_LEFT ((a), 5); \
195 (b) = ROTATE_LEFT((b), 30); \
196 }
197
198
199 /* {{{ PHP_SHA1Init
200 * SHA1 initialization. Begins an SHA1 operation, writing a new context.
201 */
PHP_SHA1Init(PHP_SHA1_CTX * context)202 PHP_HASH_API void PHP_SHA1Init(PHP_SHA1_CTX * context)
203 {
204 context->count[0] = context->count[1] = 0;
205 /* Load magic initialization constants.
206 */
207 context->state[0] = 0x67452301;
208 context->state[1] = 0xefcdab89;
209 context->state[2] = 0x98badcfe;
210 context->state[3] = 0x10325476;
211 context->state[4] = 0xc3d2e1f0;
212 }
213 /* }}} */
214
215 /* {{{ SHA1Transform
216 * SHA1 basic transformation. Transforms state based on block.
217 */
SHA1Transform(uint32_t state[5],const unsigned char block[64])218 static void SHA1Transform(uint32_t state[5], const unsigned char block[64])
219 {
220 uint32_t a = state[0], b = state[1], c = state[2];
221 uint32_t d = state[3], e = state[4], x[16], tmp;
222
223 SHADecode32(x, block, 64);
224
225 /* Round 1 */
226 FF(a, b, c, d, e, x[0]); /* 1 */
227 FF(e, a, b, c, d, x[1]); /* 2 */
228 FF(d, e, a, b, c, x[2]); /* 3 */
229 FF(c, d, e, a, b, x[3]); /* 4 */
230 FF(b, c, d, e, a, x[4]); /* 5 */
231 FF(a, b, c, d, e, x[5]); /* 6 */
232 FF(e, a, b, c, d, x[6]); /* 7 */
233 FF(d, e, a, b, c, x[7]); /* 8 */
234 FF(c, d, e, a, b, x[8]); /* 9 */
235 FF(b, c, d, e, a, x[9]); /* 10 */
236 FF(a, b, c, d, e, x[10]); /* 11 */
237 FF(e, a, b, c, d, x[11]); /* 12 */
238 FF(d, e, a, b, c, x[12]); /* 13 */
239 FF(c, d, e, a, b, x[13]); /* 14 */
240 FF(b, c, d, e, a, x[14]); /* 15 */
241 FF(a, b, c, d, e, x[15]); /* 16 */
242 FF(e, a, b, c, d, W(16)); /* 17 */
243 FF(d, e, a, b, c, W(17)); /* 18 */
244 FF(c, d, e, a, b, W(18)); /* 19 */
245 FF(b, c, d, e, a, W(19)); /* 20 */
246
247 /* Round 2 */
248 GG(a, b, c, d, e, W(20)); /* 21 */
249 GG(e, a, b, c, d, W(21)); /* 22 */
250 GG(d, e, a, b, c, W(22)); /* 23 */
251 GG(c, d, e, a, b, W(23)); /* 24 */
252 GG(b, c, d, e, a, W(24)); /* 25 */
253 GG(a, b, c, d, e, W(25)); /* 26 */
254 GG(e, a, b, c, d, W(26)); /* 27 */
255 GG(d, e, a, b, c, W(27)); /* 28 */
256 GG(c, d, e, a, b, W(28)); /* 29 */
257 GG(b, c, d, e, a, W(29)); /* 30 */
258 GG(a, b, c, d, e, W(30)); /* 31 */
259 GG(e, a, b, c, d, W(31)); /* 32 */
260 GG(d, e, a, b, c, W(32)); /* 33 */
261 GG(c, d, e, a, b, W(33)); /* 34 */
262 GG(b, c, d, e, a, W(34)); /* 35 */
263 GG(a, b, c, d, e, W(35)); /* 36 */
264 GG(e, a, b, c, d, W(36)); /* 37 */
265 GG(d, e, a, b, c, W(37)); /* 38 */
266 GG(c, d, e, a, b, W(38)); /* 39 */
267 GG(b, c, d, e, a, W(39)); /* 40 */
268
269 /* Round 3 */
270 HH(a, b, c, d, e, W(40)); /* 41 */
271 HH(e, a, b, c, d, W(41)); /* 42 */
272 HH(d, e, a, b, c, W(42)); /* 43 */
273 HH(c, d, e, a, b, W(43)); /* 44 */
274 HH(b, c, d, e, a, W(44)); /* 45 */
275 HH(a, b, c, d, e, W(45)); /* 46 */
276 HH(e, a, b, c, d, W(46)); /* 47 */
277 HH(d, e, a, b, c, W(47)); /* 48 */
278 HH(c, d, e, a, b, W(48)); /* 49 */
279 HH(b, c, d, e, a, W(49)); /* 50 */
280 HH(a, b, c, d, e, W(50)); /* 51 */
281 HH(e, a, b, c, d, W(51)); /* 52 */
282 HH(d, e, a, b, c, W(52)); /* 53 */
283 HH(c, d, e, a, b, W(53)); /* 54 */
284 HH(b, c, d, e, a, W(54)); /* 55 */
285 HH(a, b, c, d, e, W(55)); /* 56 */
286 HH(e, a, b, c, d, W(56)); /* 57 */
287 HH(d, e, a, b, c, W(57)); /* 58 */
288 HH(c, d, e, a, b, W(58)); /* 59 */
289 HH(b, c, d, e, a, W(59)); /* 60 */
290
291 /* Round 4 */
292 II(a, b, c, d, e, W(60)); /* 61 */
293 II(e, a, b, c, d, W(61)); /* 62 */
294 II(d, e, a, b, c, W(62)); /* 63 */
295 II(c, d, e, a, b, W(63)); /* 64 */
296 II(b, c, d, e, a, W(64)); /* 65 */
297 II(a, b, c, d, e, W(65)); /* 66 */
298 II(e, a, b, c, d, W(66)); /* 67 */
299 II(d, e, a, b, c, W(67)); /* 68 */
300 II(c, d, e, a, b, W(68)); /* 69 */
301 II(b, c, d, e, a, W(69)); /* 70 */
302 II(a, b, c, d, e, W(70)); /* 71 */
303 II(e, a, b, c, d, W(71)); /* 72 */
304 II(d, e, a, b, c, W(72)); /* 73 */
305 II(c, d, e, a, b, W(73)); /* 74 */
306 II(b, c, d, e, a, W(74)); /* 75 */
307 II(a, b, c, d, e, W(75)); /* 76 */
308 II(e, a, b, c, d, W(76)); /* 77 */
309 II(d, e, a, b, c, W(77)); /* 78 */
310 II(c, d, e, a, b, W(78)); /* 79 */
311 II(b, c, d, e, a, W(79)); /* 80 */
312
313 state[0] += a;
314 state[1] += b;
315 state[2] += c;
316 state[3] += d;
317 state[4] += e;
318
319 /* Zeroize sensitive information. */
320 ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
321 }
322 /* }}} */
323
324 /* {{{ PHP_SHA1Update
325 SHA1 block update operation. Continues an SHA1 message-digest
326 operation, processing another message block, and updating the
327 context.
328 */
PHP_SHA1Update(PHP_SHA1_CTX * context,const unsigned char * input,size_t inputLen)329 PHP_HASH_API void PHP_SHA1Update(PHP_SHA1_CTX * context, const unsigned char *input,
330 size_t inputLen)
331 {
332 unsigned int i, index, partLen;
333
334 /* Compute number of bytes mod 64 */
335 index = (unsigned int) ((context->count[0] >> 3) & 0x3F);
336
337 /* Update number of bits */
338 if ((context->count[0] += ((uint32_t) inputLen << 3))
339 < ((uint32_t) inputLen << 3))
340 context->count[1]++;
341 context->count[1] += ((uint32_t) inputLen >> 29);
342
343 partLen = 64 - index;
344
345 /* Transform as many times as possible.
346 */
347 if (inputLen >= partLen) {
348 memcpy
349 ((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
350 SHA1Transform(context->state, context->buffer);
351
352 for (i = partLen; i + 63 < inputLen; i += 64)
353 SHA1Transform(context->state, &input[i]);
354
355 index = 0;
356 } else
357 i = 0;
358
359 /* Buffer remaining input */
360 memcpy
361 ((unsigned char*) & context->buffer[index], (unsigned char*) & input[i],
362 inputLen - i);
363 }
364 /* }}} */
365
366 /* {{{ PHP_SHA1Final
367 SHA1 finalization. Ends an SHA1 message-digest operation, writing the
368 the message digest and zeroizing the context.
369 */
PHP_SHA1Final(unsigned char digest[20],PHP_SHA1_CTX * context)370 PHP_HASH_API void PHP_SHA1Final(unsigned char digest[20], PHP_SHA1_CTX * context)
371 {
372 unsigned char bits[8];
373 unsigned int index, padLen;
374
375 /* Save number of bits */
376 bits[7] = context->count[0] & 0xFF;
377 bits[6] = (context->count[0] >> 8) & 0xFF;
378 bits[5] = (context->count[0] >> 16) & 0xFF;
379 bits[4] = (context->count[0] >> 24) & 0xFF;
380 bits[3] = context->count[1] & 0xFF;
381 bits[2] = (context->count[1] >> 8) & 0xFF;
382 bits[1] = (context->count[1] >> 16) & 0xFF;
383 bits[0] = (context->count[1] >> 24) & 0xFF;
384
385 /* Pad out to 56 mod 64.
386 */
387 index = (unsigned int) ((context->count[0] >> 3) & 0x3f);
388 padLen = (index < 56) ? (56 - index) : (120 - index);
389 PHP_SHA1Update(context, PADDING, padLen);
390
391 /* Append length (before padding) */
392 PHP_SHA1Update(context, bits, 8);
393
394 /* Store state in digest */
395 SHAEncode32(digest, context->state, 20);
396
397 /* Zeroize sensitive information.
398 */
399 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
400 }
401 /* }}} */
402
403 #endif /* PHP_HASH_SHA1_NOT_IN_CORE */
404
405 /* sha224/sha256 */
406
407 const php_hash_ops php_hash_sha256_ops = {
408 (php_hash_init_func_t) PHP_SHA256Init,
409 (php_hash_update_func_t) PHP_SHA256Update,
410 (php_hash_final_func_t) PHP_SHA256Final,
411 (php_hash_copy_func_t) php_hash_copy,
412 32,
413 64,
414 sizeof(PHP_SHA256_CTX),
415 1
416 };
417
418 const php_hash_ops php_hash_sha224_ops = {
419 (php_hash_init_func_t) PHP_SHA224Init,
420 (php_hash_update_func_t) PHP_SHA224Update,
421 (php_hash_final_func_t) PHP_SHA224Final,
422 (php_hash_copy_func_t) php_hash_copy,
423 28,
424 64,
425 sizeof(PHP_SHA224_CTX),
426 1
427 };
428
429 #define ROTR32(b,x) ((x >> b) | (x << (32 - b)))
430 #define ROTR64(b,x) ((x >> b) | (x << (64 - b)))
431 #define SHR(b, x) (x >> b)
432
433 /* Ch */
434 #define SHA256_F0(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
435 /* Maj */
436 #define SHA256_F1(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
437 /* SUM0 */
438 #define SHA256_F2(x) (ROTR32( 2,(x)) ^ ROTR32(13,(x)) ^ ROTR32(22,(x)))
439 /* SUM1 */
440 #define SHA256_F3(x) (ROTR32( 6,(x)) ^ ROTR32(11,(x)) ^ ROTR32(25,(x)))
441 /* OM0 */
442 #define SHA256_F4(x) (ROTR32( 7,(x)) ^ ROTR32(18,(x)) ^ SHR( 3,(x)))
443 /* OM1 */
444 #define SHA256_F5(x) (ROTR32(17,(x)) ^ ROTR32(19,(x)) ^ SHR(10,(x)))
445
446 static const uint32_t SHA256_K[64] = {
447 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
448 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
449 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
450 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
451 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
452 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
453 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
454 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 };
455
456 /* {{{ PHP_SHA256Init
457 * SHA256 initialization. Begins an SHA256 operation, writing a new context.
458 */
PHP_SHA256Init(PHP_SHA256_CTX * context)459 PHP_HASH_API void PHP_SHA256Init(PHP_SHA256_CTX * context)
460 {
461 context->count[0] = context->count[1] = 0;
462 /* Load magic initialization constants.
463 */
464 context->state[0] = 0x6a09e667;
465 context->state[1] = 0xbb67ae85;
466 context->state[2] = 0x3c6ef372;
467 context->state[3] = 0xa54ff53a;
468 context->state[4] = 0x510e527f;
469 context->state[5] = 0x9b05688c;
470 context->state[6] = 0x1f83d9ab;
471 context->state[7] = 0x5be0cd19;
472 }
473 /* }}} */
474
475 /* {{{ SHA256Transform
476 * SHA256 basic transformation. Transforms state based on block.
477 */
SHA256Transform(uint32_t state[8],const unsigned char block[64])478 static void SHA256Transform(uint32_t state[8], const unsigned char block[64])
479 {
480 uint32_t a = state[0], b = state[1], c = state[2], d = state[3];
481 uint32_t e = state[4], f = state[5], g = state[6], h = state[7];
482 uint32_t x[16], T1, T2, W[64];
483 int i;
484
485 SHADecode32(x, block, 64);
486
487 /* Schedule */
488 for(i = 0; i < 16; i++) {
489 W[i] = x[i];
490 }
491 for(i = 16; i < 64; i++) {
492 W[i] = SHA256_F5(W[i-2]) + W[i-7] + SHA256_F4(W[i-15]) + W[i-16];
493 }
494
495 for (i = 0; i < 64; i++) {
496 T1 = h + SHA256_F3(e) + SHA256_F0(e,f,g) + SHA256_K[i] + W[i];
497 T2 = SHA256_F2(a) + SHA256_F1(a,b,c);
498 h = g; g = f; f = e; e = d + T1;
499 d = c; c = b; b = a; a = T1 + T2;
500 }
501
502 state[0] += a;
503 state[1] += b;
504 state[2] += c;
505 state[3] += d;
506 state[4] += e;
507 state[5] += f;
508 state[6] += g;
509 state[7] += h;
510
511 /* Zeroize sensitive information. */
512 ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
513 }
514 /* }}} */
515
516 /* {{{ PHP_SHA224Init
517 * SHA224 initialization. Begins an SHA224 operation, writing a new context.
518 */
PHP_SHA224Init(PHP_SHA224_CTX * context)519 PHP_HASH_API void PHP_SHA224Init(PHP_SHA224_CTX * context)
520 {
521 context->count[0] = context->count[1] = 0;
522 /* Load magic initialization constants.
523 */
524 context->state[0] = 0xc1059ed8;
525 context->state[1] = 0x367cd507;
526 context->state[2] = 0x3070dd17;
527 context->state[3] = 0xf70e5939;
528 context->state[4] = 0xffc00b31;
529 context->state[5] = 0x68581511;
530 context->state[6] = 0x64f98fa7;
531 context->state[7] = 0xbefa4fa4;
532 }
533 /* }}} */
534
535 /* {{{ PHP_SHA224Update
536 SHA224 block update operation. Continues an SHA224 message-digest
537 operation, processing another message block, and updating the
538 context.
539 */
PHP_SHA224Update(PHP_SHA224_CTX * context,const unsigned char * input,size_t inputLen)540 PHP_HASH_API void PHP_SHA224Update(PHP_SHA224_CTX * context, const unsigned char *input, size_t inputLen)
541 {
542 unsigned int i, index, partLen;
543
544 /* Compute number of bytes mod 64 */
545 index = (unsigned int) ((context->count[0] >> 3) & 0x3F);
546
547 /* Update number of bits */
548 if ((context->count[0] += ((uint32_t) inputLen << 3)) < ((uint32_t) inputLen << 3)) {
549 context->count[1]++;
550 }
551 context->count[1] += ((uint32_t) inputLen >> 29);
552
553 partLen = 64 - index;
554
555 /* Transform as many times as possible.
556 */
557 if (inputLen >= partLen) {
558 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
559 SHA256Transform(context->state, context->buffer);
560
561 for (i = partLen; i + 63 < inputLen; i += 64) {
562 SHA256Transform(context->state, &input[i]);
563 }
564
565 index = 0;
566 } else {
567 i = 0;
568 }
569
570 /* Buffer remaining input */
571 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i);
572 }
573 /* }}} */
574
575 /* {{{ PHP_SHA224Final
576 SHA224 finalization. Ends an SHA224 message-digest operation, writing the
577 the message digest and zeroizing the context.
578 */
PHP_SHA224Final(unsigned char digest[28],PHP_SHA224_CTX * context)579 PHP_HASH_API void PHP_SHA224Final(unsigned char digest[28], PHP_SHA224_CTX * context)
580 {
581 unsigned char bits[8];
582 unsigned int index, padLen;
583
584 /* Save number of bits */
585 bits[7] = (unsigned char) (context->count[0] & 0xFF);
586 bits[6] = (unsigned char) ((context->count[0] >> 8) & 0xFF);
587 bits[5] = (unsigned char) ((context->count[0] >> 16) & 0xFF);
588 bits[4] = (unsigned char) ((context->count[0] >> 24) & 0xFF);
589 bits[3] = (unsigned char) (context->count[1] & 0xFF);
590 bits[2] = (unsigned char) ((context->count[1] >> 8) & 0xFF);
591 bits[1] = (unsigned char) ((context->count[1] >> 16) & 0xFF);
592 bits[0] = (unsigned char) ((context->count[1] >> 24) & 0xFF);
593
594 /* Pad out to 56 mod 64.
595 */
596 index = (unsigned int) ((context->count[0] >> 3) & 0x3f);
597 padLen = (index < 56) ? (56 - index) : (120 - index);
598 PHP_SHA224Update(context, PADDING, padLen);
599
600 /* Append length (before padding) */
601 PHP_SHA224Update(context, bits, 8);
602
603 /* Store state in digest */
604 SHAEncode32(digest, context->state, 28);
605
606 /* Zeroize sensitive information.
607 */
608 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
609 }
610 /* }}} */
611
612 /* {{{ PHP_SHA256Update
613 SHA256 block update operation. Continues an SHA256 message-digest
614 operation, processing another message block, and updating the
615 context.
616 */
PHP_SHA256Update(PHP_SHA256_CTX * context,const unsigned char * input,size_t inputLen)617 PHP_HASH_API void PHP_SHA256Update(PHP_SHA256_CTX * context, const unsigned char *input, size_t inputLen)
618 {
619 unsigned int i, index, partLen;
620
621 /* Compute number of bytes mod 64 */
622 index = (unsigned int) ((context->count[0] >> 3) & 0x3F);
623
624 /* Update number of bits */
625 if ((context->count[0] += ((uint32_t) inputLen << 3)) < ((uint32_t) inputLen << 3)) {
626 context->count[1]++;
627 }
628 context->count[1] += ((uint32_t) inputLen >> 29);
629
630 partLen = 64 - index;
631
632 /* Transform as many times as possible.
633 */
634 if (inputLen >= partLen) {
635 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
636 SHA256Transform(context->state, context->buffer);
637
638 for (i = partLen; i + 63 < inputLen; i += 64) {
639 SHA256Transform(context->state, &input[i]);
640 }
641
642 index = 0;
643 } else {
644 i = 0;
645 }
646
647 /* Buffer remaining input */
648 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i);
649 }
650 /* }}} */
651
652 /* {{{ PHP_SHA256Final
653 SHA256 finalization. Ends an SHA256 message-digest operation, writing the
654 the message digest and zeroizing the context.
655 */
PHP_SHA256Final(unsigned char digest[32],PHP_SHA256_CTX * context)656 PHP_HASH_API void PHP_SHA256Final(unsigned char digest[32], PHP_SHA256_CTX * context)
657 {
658 unsigned char bits[8];
659 unsigned int index, padLen;
660
661 /* Save number of bits */
662 bits[7] = (unsigned char) (context->count[0] & 0xFF);
663 bits[6] = (unsigned char) ((context->count[0] >> 8) & 0xFF);
664 bits[5] = (unsigned char) ((context->count[0] >> 16) & 0xFF);
665 bits[4] = (unsigned char) ((context->count[0] >> 24) & 0xFF);
666 bits[3] = (unsigned char) (context->count[1] & 0xFF);
667 bits[2] = (unsigned char) ((context->count[1] >> 8) & 0xFF);
668 bits[1] = (unsigned char) ((context->count[1] >> 16) & 0xFF);
669 bits[0] = (unsigned char) ((context->count[1] >> 24) & 0xFF);
670
671 /* Pad out to 56 mod 64.
672 */
673 index = (unsigned int) ((context->count[0] >> 3) & 0x3f);
674 padLen = (index < 56) ? (56 - index) : (120 - index);
675 PHP_SHA256Update(context, PADDING, padLen);
676
677 /* Append length (before padding) */
678 PHP_SHA256Update(context, bits, 8);
679
680 /* Store state in digest */
681 SHAEncode32(digest, context->state, 32);
682
683 /* Zeroize sensitive information.
684 */
685 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
686 }
687 /* }}} */
688
689 /* sha384/sha512 */
690
691 /* Ch */
692 #define SHA512_F0(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
693 /* Maj */
694 #define SHA512_F1(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
695 /* SUM0 */
696 #define SHA512_F2(x) (ROTR64(28, x) ^ ROTR64(34, x) ^ ROTR64(39, x))
697 /* SUM1 */
698 #define SHA512_F3(x) (ROTR64(14, x) ^ ROTR64(18, x) ^ ROTR64(41, x))
699 /* OM0 */
700 #define SHA512_F4(x) (ROTR64( 1, x) ^ ROTR64( 8, x) ^ SHR(7, x))
701 /* OM1 */
702 #define SHA512_F5(x) (ROTR64(19, x) ^ ROTR64(61, x) ^ SHR(6, x))
703
704 static const uint64_t SHA512_K[128] = {
705 L64(0x428a2f98d728ae22), L64(0x7137449123ef65cd), L64(0xb5c0fbcfec4d3b2f), L64(0xe9b5dba58189dbbc),
706 L64(0x3956c25bf348b538), L64(0x59f111f1b605d019), L64(0x923f82a4af194f9b), L64(0xab1c5ed5da6d8118),
707 L64(0xd807aa98a3030242), L64(0x12835b0145706fbe), L64(0x243185be4ee4b28c), L64(0x550c7dc3d5ffb4e2),
708 L64(0x72be5d74f27b896f), L64(0x80deb1fe3b1696b1), L64(0x9bdc06a725c71235), L64(0xc19bf174cf692694),
709 L64(0xe49b69c19ef14ad2), L64(0xefbe4786384f25e3), L64(0x0fc19dc68b8cd5b5), L64(0x240ca1cc77ac9c65),
710 L64(0x2de92c6f592b0275), L64(0x4a7484aa6ea6e483), L64(0x5cb0a9dcbd41fbd4), L64(0x76f988da831153b5),
711 L64(0x983e5152ee66dfab), L64(0xa831c66d2db43210), L64(0xb00327c898fb213f), L64(0xbf597fc7beef0ee4),
712 L64(0xc6e00bf33da88fc2), L64(0xd5a79147930aa725), L64(0x06ca6351e003826f), L64(0x142929670a0e6e70),
713 L64(0x27b70a8546d22ffc), L64(0x2e1b21385c26c926), L64(0x4d2c6dfc5ac42aed), L64(0x53380d139d95b3df),
714 L64(0x650a73548baf63de), L64(0x766a0abb3c77b2a8), L64(0x81c2c92e47edaee6), L64(0x92722c851482353b),
715 L64(0xa2bfe8a14cf10364), L64(0xa81a664bbc423001), L64(0xc24b8b70d0f89791), L64(0xc76c51a30654be30),
716 L64(0xd192e819d6ef5218), L64(0xd69906245565a910), L64(0xf40e35855771202a), L64(0x106aa07032bbd1b8),
717 L64(0x19a4c116b8d2d0c8), L64(0x1e376c085141ab53), L64(0x2748774cdf8eeb99), L64(0x34b0bcb5e19b48a8),
718 L64(0x391c0cb3c5c95a63), L64(0x4ed8aa4ae3418acb), L64(0x5b9cca4f7763e373), L64(0x682e6ff3d6b2b8a3),
719 L64(0x748f82ee5defb2fc), L64(0x78a5636f43172f60), L64(0x84c87814a1f0ab72), L64(0x8cc702081a6439ec),
720 L64(0x90befffa23631e28), L64(0xa4506cebde82bde9), L64(0xbef9a3f7b2c67915), L64(0xc67178f2e372532b),
721 L64(0xca273eceea26619c), L64(0xd186b8c721c0c207), L64(0xeada7dd6cde0eb1e), L64(0xf57d4f7fee6ed178),
722 L64(0x06f067aa72176fba), L64(0x0a637dc5a2c898a6), L64(0x113f9804bef90dae), L64(0x1b710b35131c471b),
723 L64(0x28db77f523047d84), L64(0x32caab7b40c72493), L64(0x3c9ebe0a15c9bebc), L64(0x431d67c49c100d4c),
724 L64(0x4cc5d4becb3e42b6), L64(0x597f299cfc657e2a), L64(0x5fcb6fab3ad6faec), L64(0x6c44198c4a475817) };
725
726 /* {{{ SHAEncode64
727 Encodes input (uint64_t) into output (unsigned char). Assumes len is
728 a multiple of 8.
729 */
SHAEncode64(unsigned char * output,uint64_t * input,unsigned int len)730 static void SHAEncode64(unsigned char *output, uint64_t *input, unsigned int len)
731 {
732 unsigned int i, j;
733
734 for (i = 0, j = 0; j < len; i++, j += 8) {
735 output[j] = (unsigned char) ((input[i] >> 56) & 0xff);
736 output[j + 1] = (unsigned char) ((input[i] >> 48) & 0xff);
737 output[j + 2] = (unsigned char) ((input[i] >> 40) & 0xff);
738 output[j + 3] = (unsigned char) ((input[i] >> 32) & 0xff);
739 output[j + 4] = (unsigned char) ((input[i] >> 24) & 0xff);
740 output[j + 5] = (unsigned char) ((input[i] >> 16) & 0xff);
741 output[j + 6] = (unsigned char) ((input[i] >> 8) & 0xff);
742 output[j + 7] = (unsigned char) (input[i] & 0xff);
743 }
744 }
745 /* }}} */
746
747
748 /* {{{ SHADecode64
749 Decodes input (unsigned char) into output (uint64_t). Assumes len is
750 a multiple of 8.
751 */
SHADecode64(uint64_t * output,const unsigned char * input,unsigned int len)752 static void SHADecode64(uint64_t *output, const unsigned char *input, unsigned int len)
753 {
754 unsigned int i, j;
755
756 for (i = 0, j = 0; j < len; i++, j += 8)
757 output[i] =
758 ((uint64_t) input[j + 7]) | (((uint64_t) input[j + 6]) << 8) |
759 (((uint64_t) input[j + 5]) << 16) | (((uint64_t) input[j + 4]) << 24) |
760 (((uint64_t) input[j + 3]) << 32) | (((uint64_t) input[j + 2]) << 40) |
761 (((uint64_t) input[j + 1]) << 48) | (((uint64_t) input[j]) << 56);
762 }
763 /* }}} */
764
765 /* {{{ PHP_SHA384Init
766 * SHA384 initialization. Begins an SHA384 operation, writing a new context.
767 */
PHP_SHA384Init(PHP_SHA384_CTX * context)768 PHP_HASH_API void PHP_SHA384Init(PHP_SHA384_CTX * context)
769 {
770 context->count[0] = context->count[1] = 0;
771 /* Load magic initialization constants.
772 */
773 context->state[0] = L64(0xcbbb9d5dc1059ed8);
774 context->state[1] = L64(0x629a292a367cd507);
775 context->state[2] = L64(0x9159015a3070dd17);
776 context->state[3] = L64(0x152fecd8f70e5939);
777 context->state[4] = L64(0x67332667ffc00b31);
778 context->state[5] = L64(0x8eb44a8768581511);
779 context->state[6] = L64(0xdb0c2e0d64f98fa7);
780 context->state[7] = L64(0x47b5481dbefa4fa4);
781 }
782 /* }}} */
783
784 /* {{{ SHA512Transform
785 * SHA512 basic transformation. Transforms state based on block.
786 * SHA384 uses the exact same algorithm
787 */
SHA512Transform(uint64_t state[8],const unsigned char block[128])788 static void SHA512Transform(uint64_t state[8], const unsigned char block[128])
789 {
790 uint64_t a = state[0], b = state[1], c = state[2], d = state[3];
791 uint64_t e = state[4], f = state[5], g = state[6], h = state[7];
792 uint64_t x[16], T1, T2, W[80];
793 int i;
794
795 SHADecode64(x, block, 128);
796
797 /* Schedule */
798 for(i = 0; i < 16; i++) {
799 W[i] = x[i];
800 }
801 for(i = 16; i < 80; i++) {
802 W[i] = SHA512_F5(W[i-2]) + W[i-7] + SHA512_F4(W[i-15]) + W[i-16];
803 }
804
805 for (i = 0; i < 80; i++) {
806 T1 = h + SHA512_F3(e) + SHA512_F0(e,f,g) + SHA512_K[i] + W[i];
807 T2 = SHA512_F2(a) + SHA512_F1(a,b,c);
808 h = g; g = f; f = e; e = d + T1;
809 d = c; c = b; b = a; a = T1 + T2;
810 }
811
812 state[0] += a;
813 state[1] += b;
814 state[2] += c;
815 state[3] += d;
816 state[4] += e;
817 state[5] += f;
818 state[6] += g;
819 state[7] += h;
820
821 /* Zeroize sensitive information. */
822 ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
823 }
824 /* }}} */
825
826 /* {{{ PHP_SHA384Update
827 SHA384 block update operation. Continues an SHA384 message-digest
828 operation, processing another message block, and updating the
829 context.
830 */
PHP_SHA384Update(PHP_SHA384_CTX * context,const unsigned char * input,size_t inputLen)831 PHP_HASH_API void PHP_SHA384Update(PHP_SHA384_CTX * context, const unsigned char *input, size_t inputLen)
832 {
833 unsigned int i = 0, index, partLen;
834
835 /* Compute number of bytes mod 128 */
836 index = (unsigned int) ((context->count[0] >> 3) & 0x7F);
837
838 /* Update number of bits */
839 if ((context->count[0] += ((uint64_t) inputLen << 3)) < ((uint64_t) inputLen << 3)) {
840 context->count[1]++;
841 }
842 context->count[1] += ((uint64_t) inputLen >> 61);
843
844 partLen = 128 - index;
845
846 /* Transform as many times as possible.
847 */
848 if (inputLen >= partLen) {
849 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
850 SHA512Transform(context->state, context->buffer);
851
852 for (i = partLen; i + 127 < inputLen; i += 128) {
853 SHA512Transform(context->state, &input[i]);
854 }
855
856 index = 0;
857 }
858
859 /* Buffer remaining input */
860 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i);
861 }
862 /* }}} */
863
864 /* {{{ PHP_SHA384Final
865 SHA384 finalization. Ends an SHA384 message-digest operation, writing the
866 the message digest and zeroizing the context.
867 */
PHP_SHA384Final(unsigned char digest[48],PHP_SHA384_CTX * context)868 PHP_HASH_API void PHP_SHA384Final(unsigned char digest[48], PHP_SHA384_CTX * context)
869 {
870 unsigned char bits[16];
871 unsigned int index, padLen;
872
873 /* Save number of bits */
874 bits[15] = (unsigned char) (context->count[0] & 0xFF);
875 bits[14] = (unsigned char) ((context->count[0] >> 8) & 0xFF);
876 bits[13] = (unsigned char) ((context->count[0] >> 16) & 0xFF);
877 bits[12] = (unsigned char) ((context->count[0] >> 24) & 0xFF);
878 bits[11] = (unsigned char) ((context->count[0] >> 32) & 0xFF);
879 bits[10] = (unsigned char) ((context->count[0] >> 40) & 0xFF);
880 bits[9] = (unsigned char) ((context->count[0] >> 48) & 0xFF);
881 bits[8] = (unsigned char) ((context->count[0] >> 56) & 0xFF);
882 bits[7] = (unsigned char) (context->count[1] & 0xFF);
883 bits[6] = (unsigned char) ((context->count[1] >> 8) & 0xFF);
884 bits[5] = (unsigned char) ((context->count[1] >> 16) & 0xFF);
885 bits[4] = (unsigned char) ((context->count[1] >> 24) & 0xFF);
886 bits[3] = (unsigned char) ((context->count[1] >> 32) & 0xFF);
887 bits[2] = (unsigned char) ((context->count[1] >> 40) & 0xFF);
888 bits[1] = (unsigned char) ((context->count[1] >> 48) & 0xFF);
889 bits[0] = (unsigned char) ((context->count[1] >> 56) & 0xFF);
890
891 /* Pad out to 112 mod 128.
892 */
893 index = (unsigned int) ((context->count[0] >> 3) & 0x7f);
894 padLen = (index < 112) ? (112 - index) : (240 - index);
895 PHP_SHA384Update(context, PADDING, padLen);
896
897 /* Append length (before padding) */
898 PHP_SHA384Update(context, bits, 16);
899
900 /* Store state in digest */
901 SHAEncode64(digest, context->state, 48);
902
903 /* Zeroize sensitive information.
904 */
905 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
906 }
907 /* }}} */
908
909 const php_hash_ops php_hash_sha384_ops = {
910 (php_hash_init_func_t) PHP_SHA384Init,
911 (php_hash_update_func_t) PHP_SHA384Update,
912 (php_hash_final_func_t) PHP_SHA384Final,
913 (php_hash_copy_func_t) php_hash_copy,
914 48,
915 128,
916 sizeof(PHP_SHA384_CTX),
917 1
918 };
919
920 /* {{{ PHP_SHA512Init
921 * SHA512 initialization. Begins an SHA512 operation, writing a new context.
922 */
PHP_SHA512Init(PHP_SHA512_CTX * context)923 PHP_HASH_API void PHP_SHA512Init(PHP_SHA512_CTX * context)
924 {
925 context->count[0] = context->count[1] = 0;
926 /* Load magic initialization constants.
927 */
928 context->state[0] = L64(0x6a09e667f3bcc908);
929 context->state[1] = L64(0xbb67ae8584caa73b);
930 context->state[2] = L64(0x3c6ef372fe94f82b);
931 context->state[3] = L64(0xa54ff53a5f1d36f1);
932 context->state[4] = L64(0x510e527fade682d1);
933 context->state[5] = L64(0x9b05688c2b3e6c1f);
934 context->state[6] = L64(0x1f83d9abfb41bd6b);
935 context->state[7] = L64(0x5be0cd19137e2179);
936 }
937 /* }}} */
938
939 /* {{{ PHP_SHA512_256Init
940 * SHA512/245 initialization. Identical algorithm to SHA512, using alternate initval and truncation
941 */
PHP_SHA512_256Init(PHP_SHA512_CTX * context)942 PHP_HASH_API void PHP_SHA512_256Init(PHP_SHA512_CTX * context)
943 {
944 context->count[0] = context->count[1] = 0;
945
946 context->state[0] = L64(0x22312194FC2BF72C);
947 context->state[1] = L64(0x9F555FA3C84C64C2);
948 context->state[2] = L64(0x2393B86B6F53B151);
949 context->state[3] = L64(0x963877195940EABD);
950 context->state[4] = L64(0x96283EE2A88EFFE3);
951 context->state[5] = L64(0xBE5E1E2553863992);
952 context->state[6] = L64(0x2B0199FC2C85B8AA);
953 context->state[7] = L64(0x0EB72DDC81C52CA2);
954 }
955 /* }}} */
956
957 /* {{{ PHP_SHA512_224Init
958 * SHA512/224 initialization. Identical algorithm to SHA512, using alternate initval and truncation
959 */
PHP_SHA512_224Init(PHP_SHA512_CTX * context)960 PHP_HASH_API void PHP_SHA512_224Init(PHP_SHA512_CTX * context)
961 {
962 context->count[0] = context->count[1] = 0;
963
964 context->state[0] = L64(0x8C3D37C819544DA2);
965 context->state[1] = L64(0x73E1996689DCD4D6);
966 context->state[2] = L64(0x1DFAB7AE32FF9C82);
967 context->state[3] = L64(0x679DD514582F9FCF);
968 context->state[4] = L64(0x0F6D2B697BD44DA8);
969 context->state[5] = L64(0x77E36F7304C48942);
970 context->state[6] = L64(0x3F9D85A86A1D36C8);
971 context->state[7] = L64(0x1112E6AD91D692A1);
972 }
973 /* }}} */
974
975 /* {{{ PHP_SHA512Update
976 SHA512 block update operation. Continues an SHA512 message-digest
977 operation, processing another message block, and updating the
978 context.
979 */
PHP_SHA512Update(PHP_SHA512_CTX * context,const unsigned char * input,size_t inputLen)980 PHP_HASH_API void PHP_SHA512Update(PHP_SHA512_CTX * context, const unsigned char *input, size_t inputLen)
981 {
982 unsigned int i, index, partLen;
983
984 /* Compute number of bytes mod 128 */
985 index = (unsigned int) ((context->count[0] >> 3) & 0x7F);
986
987 /* Update number of bits */
988 if ((context->count[0] += ((uint64_t) inputLen << 3)) < ((uint64_t) inputLen << 3)) {
989 context->count[1]++;
990 }
991 context->count[1] += ((uint64_t) inputLen >> 61);
992
993 partLen = 128 - index;
994
995 /* Transform as many times as possible.
996 */
997 if (inputLen >= partLen) {
998 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) input, partLen);
999 SHA512Transform(context->state, context->buffer);
1000
1001 for (i = partLen; i + 127 < inputLen; i += 128) {
1002 SHA512Transform(context->state, &input[i]);
1003 }
1004
1005 index = 0;
1006 } else {
1007 i = 0;
1008 }
1009
1010 /* Buffer remaining input */
1011 memcpy((unsigned char*) & context->buffer[index], (unsigned char*) & input[i], inputLen - i);
1012 }
1013 /* }}} */
1014
1015 /* {{{ PHP_SHA512Final
1016 SHA512 finalization. Ends an SHA512 message-digest operation, writing the
1017 the message digest and zeroizing the context.
1018 */
PHP_SHA512Final(unsigned char digest[64],PHP_SHA512_CTX * context)1019 PHP_HASH_API void PHP_SHA512Final(unsigned char digest[64], PHP_SHA512_CTX * context)
1020 {
1021 unsigned char bits[16];
1022 unsigned int index, padLen;
1023
1024 /* Save number of bits */
1025 bits[15] = (unsigned char) (context->count[0] & 0xFF);
1026 bits[14] = (unsigned char) ((context->count[0] >> 8) & 0xFF);
1027 bits[13] = (unsigned char) ((context->count[0] >> 16) & 0xFF);
1028 bits[12] = (unsigned char) ((context->count[0] >> 24) & 0xFF);
1029 bits[11] = (unsigned char) ((context->count[0] >> 32) & 0xFF);
1030 bits[10] = (unsigned char) ((context->count[0] >> 40) & 0xFF);
1031 bits[9] = (unsigned char) ((context->count[0] >> 48) & 0xFF);
1032 bits[8] = (unsigned char) ((context->count[0] >> 56) & 0xFF);
1033 bits[7] = (unsigned char) (context->count[1] & 0xFF);
1034 bits[6] = (unsigned char) ((context->count[1] >> 8) & 0xFF);
1035 bits[5] = (unsigned char) ((context->count[1] >> 16) & 0xFF);
1036 bits[4] = (unsigned char) ((context->count[1] >> 24) & 0xFF);
1037 bits[3] = (unsigned char) ((context->count[1] >> 32) & 0xFF);
1038 bits[2] = (unsigned char) ((context->count[1] >> 40) & 0xFF);
1039 bits[1] = (unsigned char) ((context->count[1] >> 48) & 0xFF);
1040 bits[0] = (unsigned char) ((context->count[1] >> 56) & 0xFF);
1041
1042 /* Pad out to 112 mod 128.
1043 */
1044 index = (unsigned int) ((context->count[0] >> 3) & 0x7f);
1045 padLen = (index < 112) ? (112 - index) : (240 - index);
1046 PHP_SHA512Update(context, PADDING, padLen);
1047
1048 /* Append length (before padding) */
1049 PHP_SHA512Update(context, bits, 16);
1050
1051 /* Store state in digest */
1052 SHAEncode64(digest, context->state, 64);
1053
1054 /* Zeroize sensitive information.
1055 */
1056 ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
1057 }
1058 /* }}} */
1059
1060 /* {{{ PHP_SHA512_256Final
1061 SHA512/256 finalization. Identical to SHA512Final, but with truncation
1062 */
PHP_SHA512_256Final(unsigned char digest[32],PHP_SHA512_CTX * context)1063 PHP_HASH_API void PHP_SHA512_256Final(unsigned char digest[32], PHP_SHA512_CTX * context)
1064 {
1065 unsigned char full_digest[64];
1066 PHP_SHA512Final(full_digest, context);
1067 memcpy(digest, full_digest, 32);
1068 }
1069 /* }}} */
1070
1071 /* {{{ PHP_SHA512_224Final
1072 SHA512/224 finalization. Identical to SHA512Final, but with truncation
1073 */
PHP_SHA512_224Final(unsigned char digest[28],PHP_SHA512_CTX * context)1074 PHP_HASH_API void PHP_SHA512_224Final(unsigned char digest[28], PHP_SHA512_CTX * context)
1075 {
1076 unsigned char full_digest[64];
1077 PHP_SHA512Final(full_digest, context);
1078 memcpy(digest, full_digest, 28);
1079 }
1080 /* }}} */
1081
1082 const php_hash_ops php_hash_sha512_ops = {
1083 (php_hash_init_func_t) PHP_SHA512Init,
1084 (php_hash_update_func_t) PHP_SHA512Update,
1085 (php_hash_final_func_t) PHP_SHA512Final,
1086 (php_hash_copy_func_t) php_hash_copy,
1087 64,
1088 128,
1089 sizeof(PHP_SHA512_CTX),
1090 1
1091 };
1092
1093 const php_hash_ops php_hash_sha512_256_ops = {
1094 (php_hash_init_func_t) PHP_SHA512_256Init,
1095 (php_hash_update_func_t) PHP_SHA512_256Update,
1096 (php_hash_final_func_t) PHP_SHA512_256Final,
1097 (php_hash_copy_func_t) php_hash_copy,
1098 32,
1099 128,
1100 sizeof(PHP_SHA512_CTX),
1101 1
1102 };
1103
1104 const php_hash_ops php_hash_sha512_224_ops = {
1105 (php_hash_init_func_t) PHP_SHA512_224Init,
1106 (php_hash_update_func_t) PHP_SHA512_224Update,
1107 (php_hash_final_func_t) PHP_SHA512_224Final,
1108 (php_hash_copy_func_t) php_hash_copy,
1109 28,
1110 128,
1111 sizeof(PHP_SHA512_CTX),
1112 1
1113 };
1114
