remove SHA-512 code, use libgcrypt implementation

author: Nils Durner <durner@gnunet.org> 2010-10-07 19:23:01 +0000
committer: Nils Durner <durner@gnunet.org> 2010-10-07 19:23:01 +0000
commit: c03a8dc85818b7c22d14a19f6b50fd93b526edbb (patch)
tree: eecbfb5d4cffb0efbe8cb19aa05bd3d31c7f9e06 /src/util
parent: 36b5044de4b11d46027a81e491c2dd4cccea17b5 (diff)
download: gnunet-c03a8dc85818b7c22d14a19f6b50fd93b526edbb.tar.gz
gnunet-c03a8dc85818b7c22d14a19f6b50fd93b526edbb.zip
1 files changed, 18 insertions, 346 deletions
diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c
index 6cad12c6b..72dc48399 100644
--- a/src/util/crypto_hash.c
+++ b/src/util/crypto_hash.c
@@ -34,321 +34,7 @@
 #include "gnunet_common.h"
 #include "gnunet_crypto_lib.h"
 #include "gnunet_disk_lib.h"
+#include <gcrypt.h>
-#define SHA512_DIGEST_SIZE 64
-#define SHA512_HMAC_BLOCK_SIZE 128
-struct sha512_ctx
-{
-  unsigned long long state[8];
-  unsigned int count[4];
-  unsigned char buf[128];
-};
-static unsigned long long
-Ch (unsigned long long x, unsigned long long y, unsigned long long z)
-{
-  return z ^ (x & (y ^ z));
-}
-static unsigned long long
-Maj (unsigned long long x, unsigned long long y, unsigned long long z)
-{
-  return (x & y) | (z & (x | y));
-}
-static unsigned long long
-RORu64 (unsigned long long x, unsigned long long y)
-{
-  return (x >> y) | (x << (64 - y));
-}
-#define e0(x)       (RORu64(x,28) ^ RORu64(x,34) ^ RORu64(x,39))
-#define e1(x)       (RORu64(x,14) ^ RORu64(x,18) ^ RORu64(x,41))
-#define s0(x)       (RORu64(x, 1) ^ RORu64(x, 8) ^ (x >> 7))
-#define s1(x)       (RORu64(x,19) ^ RORu64(x,61) ^ (x >> 6))
-/* H* initial state for SHA-512 */
-#define H0         0x6a09e667f3bcc908ULL
-#define H1         0xbb67ae8584caa73bULL
-#define H2         0x3c6ef372fe94f82bULL
-#define H3         0xa54ff53a5f1d36f1ULL
-#define H4         0x510e527fade682d1ULL
-#define H5         0x9b05688c2b3e6c1fULL
-#define H6         0x1f83d9abfb41bd6bULL
-#define H7         0x5be0cd19137e2179ULL
-/* H'* initial state for SHA-384 */
-#define HP0 0xcbbb9d5dc1059ed8ULL
-#define HP1 0x629a292a367cd507ULL
-#define HP2 0x9159015a3070dd17ULL
-#define HP3 0x152fecd8f70e5939ULL
-#define HP4 0x67332667ffc00b31ULL
-#define HP5 0x8eb44a8768581511ULL
-#define HP6 0xdb0c2e0d64f98fa7ULL
-#define HP7 0x47b5481dbefa4fa4ULL
-#define LOAD_OP(t1, I, W, input) \
-  t1  = input[(8*I)  ] & 0xff;\
-  t1 <<= 8;\
-  t1 |= input[(8*I)+1] & 0xff;\
-  t1 <<= 8;\
-  t1 |= input[(8*I)+2] & 0xff;\
-  t1 <<= 8;\
-  t1 |= input[(8*I)+3] & 0xff;\
-  t1 <<= 8;\
-  t1 |= input[(8*I)+4] & 0xff;\
-  t1 <<= 8;\
-  t1 |= input[(8*I)+5] & 0xff;\
-  t1 <<= 8;\
-  t1 |= input[(8*I)+6] & 0xff;\
-  t1 <<= 8;\
-  t1 |= input[(8*I)+7] & 0xff;\
-  W[I] = t1;
-#define BLEND_OP(I, W) \
-  W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
-static void
-sha512_transform (unsigned long long *state, const unsigned char *input)
-{
-  static const unsigned long long sha512_K[80] = {
-    0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
-    0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
-    0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
-    0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
-    0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
-    0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
-    0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
-    0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
-    0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
-    0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
-    0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
-    0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
-    0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
-    0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
-    0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
-    0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
-    0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
-    0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
-    0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
-    0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
-    0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
-    0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
-    0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
-    0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
-    0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
-    0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
-    0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
-  };
-  
-  unsigned long long a, b, c, d, e, f, g, h, t1, t2;
-  unsigned long long W[80];
-  unsigned long long t0;
-  int i;
-  /* load the input */
-  for (i = 0; i < 16; i++)
-    {
-      LOAD_OP (t0, i, W, input);
-    }
-  for (i = 16; i < 80; i++)
-    {
-      BLEND_OP (i, W);
-    }
-  /* load the state into our registers */
-  a = state[0];
-  b = state[1];
-  c = state[2];
-  d = state[3];
-  e = state[4];
-  f = state[5];
-  g = state[6];
-  h = state[7];
-  /* now iterate */
-  for (i = 0; i < 80; i += 8)
-    {
-      t1 = h + e1 (e) + Ch (e, f, g) + sha512_K[i] + W[i];
-      t2 = e0 (a) + Maj (a, b, c);
-      d += t1;
-      h = t1 + t2;
-      t1 = g + e1 (d) + Ch (d, e, f) + sha512_K[i + 1] + W[i + 1];
-      t2 = e0 (h) + Maj (h, a, b);
-      c += t1;
-      g = t1 + t2;
-      t1 = f + e1 (c) + Ch (c, d, e) + sha512_K[i + 2] + W[i + 2];
-      t2 = e0 (g) + Maj (g, h, a);
-      b += t1;
-      f = t1 + t2;
-      t1 = e + e1 (b) + Ch (b, c, d) + sha512_K[i + 3] + W[i + 3];
-      t2 = e0 (f) + Maj (f, g, h);
-      a += t1;
-      e = t1 + t2;
-      t1 = d + e1 (a) + Ch (a, b, c) + sha512_K[i + 4] + W[i + 4];
-      t2 = e0 (e) + Maj (e, f, g);
-      h += t1;
-      d = t1 + t2;
-      t1 = c + e1 (h) + Ch (h, a, b) + sha512_K[i + 5] + W[i + 5];
-      t2 = e0 (d) + Maj (d, e, f);
-      g += t1;
-      c = t1 + t2;
-      t1 = b + e1 (g) + Ch (g, h, a) + sha512_K[i + 6] + W[i + 6];
-      t2 = e0 (c) + Maj (c, d, e);
-      f += t1;
-      b = t1 + t2;
-      t1 = a + e1 (f) + Ch (f, g, h) + sha512_K[i + 7] + W[i + 7];
-      t2 = e0 (b) + Maj (b, c, d);
-      e += t1;
-      a = t1 + t2;
-    }
-  state[0] += a;
-  state[1] += b;
-  state[2] += c;
-  state[3] += d;
-  state[4] += e;
-  state[5] += f;
-  state[6] += g;
-  state[7] += h;
-}
-static void
-sha512_init (struct sha512_ctx *sctx)
-{
-  sctx->state[0] = H0;
-  sctx->state[1] = H1;
-  sctx->state[2] = H2;
-  sctx->state[3] = H3;
-  sctx->state[4] = H4;
-  sctx->state[5] = H5;
-  sctx->state[6] = H6;
-  sctx->state[7] = H7;
-  sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
-  memset (sctx->buf, 0, sizeof (sctx->buf));
-}
-static void
-sha512_update (struct sha512_ctx *sctx,
-               const unsigned char *data, unsigned int len)
-{
-  unsigned int i, index, part_len;
-  /* Compute number of bytes mod 128 */
-  index = (unsigned int) ((sctx->count[0] >> 3) & 0x7F);
-  /* Update number of bits */
-  if ((sctx->count[0] += (len << 3)) < (len << 3))
-    {
-      if ((sctx->count[1] += 1) < 1)
-        if ((sctx->count[2] += 1) < 1)
-          sctx->count[3]++;
-      sctx->count[1] += (len >> 29);
-    }
-  part_len = 128 - index;
-  /* Transform as many times as possible. */
-  if (len >= part_len)
-    {
-      memcpy (&sctx->buf[index], data, part_len);
-      sha512_transform (sctx->state, sctx->buf);
-      for (i = part_len; i + 127 < len; i += 128)
-        sha512_transform (sctx->state, &data[i]);
-      index = 0;
-    }
-  else
-    {
-      i = 0;
-    }
-  /* Buffer remaining input */
-  memcpy (&sctx->buf[index], &data[i], len - i);
-}
-static void
-sha512_final (struct sha512_ctx *sctx, unsigned char *hash)
-{
-  static unsigned char padding[128] = { 0x80, };
-  unsigned int t;
-  unsigned char bits[128];
-  unsigned int index;
-  unsigned int pad_len;
-  unsigned long long t2;
-  int i, j;
-  /* Save number of bits */
-  t = sctx->count[0];
-  bits[15] = t;
-  t >>= 8;
-  bits[14] = t;
-  t >>= 8;
-  bits[13] = t;
-  t >>= 8;
-  bits[12] = t;
-  t = sctx->count[1];
-  bits[11] = t;
-  t >>= 8;
-  bits[10] = t;
-  t >>= 8;
-  bits[9] = t;
-  t >>= 8;
-  bits[8] = t;
-  t = sctx->count[2];
-  bits[7] = t;
-  t >>= 8;
-  bits[6] = t;
-  t >>= 8;
-  bits[5] = t;
-  t >>= 8;
-  bits[4] = t;
-  t = sctx->count[3];
-  bits[3] = t;
-  t >>= 8;
-  bits[2] = t;
-  t >>= 8;
-  bits[1] = t;
-  t >>= 8;
-  bits[0] = t;
-  /* Pad out to 112 mod 128. */
-  index = (sctx->count[0] >> 3) & 0x7f;
-  pad_len = (index < 112) ? (112 - index) : ((128 + 112) - index);
-  sha512_update (sctx, padding, pad_len);
-  /* Append length (before padding) */
-  sha512_update (sctx, bits, 16);
-  /* Store state in digest */
-  for (i = j = 0; i < 8; i++, j += 8)
-    {
-      t2 = sctx->state[i];
-      hash[j + 7] = (char) t2 & 0xff;
-      t2 >>= 8;
-      hash[j + 6] = (char) t2 & 0xff;
-      t2 >>= 8;
-      hash[j + 5] = (char) t2 & 0xff;
-      t2 >>= 8;
-      hash[j + 4] = (char) t2 & 0xff;
-      t2 >>= 8;
-      hash[j + 3] = (char) t2 & 0xff;
-      t2 >>= 8;
-      hash[j + 2] = (char) t2 & 0xff;
-      t2 >>= 8;
-      hash[j + 1] = (char) t2 & 0xff;
-      t2 >>= 8;
-      hash[j] = (char) t2 & 0xff;
-    }
-  /* Zeroize sensitive information. */
-  memset (sctx, 0, sizeof (struct sha512_ctx));
-}
 /**
@@ -361,11 +47,7 @@ sha512_final (struct sha512_ctx *sctx, unsigned char *hash)
 void
 GNUNET_CRYPTO_hash (const void *block, size_t size, GNUNET_HashCode * ret)
 {
-  struct sha512_ctx ctx;
+  gcry_md_hash_buffer (GCRY_MD_SHA512, ret, block, size);
-  sha512_init (&ctx);
-  sha512_update (&ctx, block, size);
-  sha512_final (&ctx, (unsigned char *) ret);
 }
@@ -408,7 +90,7 @@ struct GNUNET_CRYPTO_FileHashContext
  /**
   * Cummulated hash.
   */
-  struct sha512_ctx hctx;
+  gcry_md_hd_t md;
  /**
   * Size of the file.
@@ -459,7 +141,7 @@ static void
 file_hash_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
 {
  struct GNUNET_CRYPTO_FileHashContext *fhc = cls;
-  GNUNET_HashCode res;
+  GNUNET_HashCode *res;
  size_t delta;
  fhc->task = GNUNET_SCHEDULER_NO_TASK;
@@ -474,12 +156,13 @@ file_hash_task (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc)
      file_hash_finish (fhc, NULL);
      return;
    }
-  sha512_update (&fhc->hctx, fhc->buffer, delta);
+  gcry_md_write (fhc->md, fhc->buffer, delta);
  fhc->offset += delta;
  if (fhc->offset == fhc->fsize)
    {
-      sha512_final (&fhc->hctx, (unsigned char *) &res);
+      res = (GNUNET_HashCode *) gcry_md_read (fhc->md, GCRY_MD_SHA512);
      file_hash_finish (fhc, &res);
+      gcry_md_close (fhc->md);
      return;
    }
  fhc->task 
@@ -517,8 +200,7 @@ GNUNET_CRYPTO_hash_file (struct GNUNET_SCHEDULER_Handle *sched,
  fhc->sched = sched;
  fhc->buffer = (unsigned char *) &fhc[1];
  fhc->filename = GNUNET_strdup (filename);
-  fhc->fh = NULL;
+  fhc->md = gcry_md_open (&fhc->md, GCRY_MD_SHA512, 0);
-  sha512_init (&fhc->hctx);
  fhc->bsize = blocksize;
  if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fhc->fsize, GNUNET_NO))
    {
@@ -887,26 +569,16 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
                    size_t plaintext_len,
                    GNUNET_HashCode *hmac)
 {
-  GNUNET_HashCode kh;
+  gcry_md_hd_t md;
-  GNUNET_HashCode ipad;
+  unsigned char *mc;
-  GNUNET_HashCode opad;
-  GNUNET_HashCode him;
+  md = gcry_md_open (&md, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC);
-  struct sha512_ctx sctx;
+  gcry_md_setkey (md, key->key, sizeof(key->key));
+  gcry_md_write (md, plaintext, plaintext_len);
-  memset (&kh, 0, sizeof (kh));
+  mc = gcry_md_read (md, GCRY_MD_SHA512);
-  memcpy (&kh, key->key, sizeof (struct GNUNET_CRYPTO_AuthKey));
+  if (mc != NULL)
-  memset (&ipad, 0x5c, sizeof (ipad));
+    memcpy (hmac->bits, mc, sizeof(hmac->bits));
-  memset (&opad, 0x36, sizeof (opad));
+  gcry_md_close (md);
-  GNUNET_CRYPTO_hash_xor (&ipad, &kh, &ipad);
-  GNUNET_CRYPTO_hash_xor (&opad, &kh, &opad);
-  sha512_init (&sctx);
-  sha512_update (&sctx, (const unsigned char*) &ipad, sizeof (ipad));
-  sha512_update (&sctx, plaintext, plaintext_len);
-  sha512_final (&sctx, (unsigned char*) &him);
-  sha512_init (&sctx);
-  sha512_update (&sctx, (const unsigned char*) &opad, sizeof (opad));
-  sha512_update (&sctx, (const unsigned char*) &him, sizeof (him));
-  sha512_final (&sctx, (unsigned char*) hmac);
 }
author	Nils Durner <durner@gnunet.org>	2010-10-07 19:23:01 +0000
committer	Nils Durner <durner@gnunet.org>	2010-10-07 19:23:01 +0000
commit	c03a8dc85818b7c22d14a19f6b50fd93b526edbb (patch)
tree	eecbfb5d4cffb0efbe8cb19aa05bd3d31c7f9e06 /src/util
parent	36b5044de4b11d46027a81e491c2dd4cccea17b5 (diff)
download	gnunet-c03a8dc85818b7c22d14a19f6b50fd93b526edbb.tar.gz gnunet-c03a8dc85818b7c22d14a19f6b50fd93b526edbb.zip

diff --git a/src/util/crypto_hash.c b/src/util/crypto_hash.c index 6cad12c6b..72dc48399 100644 --- a/src/util/crypto_hash.c +++ b/src/util/crypto_hash.c
@@ -34,321 +34,7 @@
34	#include "gnunet_common.h"	34	#include "gnunet_common.h"
35	#include "gnunet_crypto_lib.h"	35	#include "gnunet_crypto_lib.h"
36	#include "gnunet_disk_lib.h"	36	#include "gnunet_disk_lib.h"
37		37	#include <gcrypt.h>
38	#define SHA512_DIGEST_SIZE 64
39	#define SHA512_HMAC_BLOCK_SIZE 128
40
41	struct sha512_ctx
42	{
43	unsigned long long state[8];
44	unsigned int count[4];
45	unsigned char buf[128];
46	};
47
48	static unsigned long long
49	Ch (unsigned long long x, unsigned long long y, unsigned long long z)
50	{
51	return z ^ (x & (y ^ z));
52	}
53
54	static unsigned long long
55	Maj (unsigned long long x, unsigned long long y, unsigned long long z)
56	{
57	return (x & y) \| (z & (x \| y));
58	}
59
60	static unsigned long long
61	RORu64 (unsigned long long x, unsigned long long y)
62	{
63	return (x >> y) \| (x << (64 - y));
64	}
65
66	#define e0(x) (RORu64(x,28) ^ RORu64(x,34) ^ RORu64(x,39))
67	#define e1(x) (RORu64(x,14) ^ RORu64(x,18) ^ RORu64(x,41))
68	#define s0(x) (RORu64(x, 1) ^ RORu64(x, 8) ^ (x >> 7))
69	#define s1(x) (RORu64(x,19) ^ RORu64(x,61) ^ (x >> 6))
70
71	/* H* initial state for SHA-512 */
72	#define H0 0x6a09e667f3bcc908ULL
73	#define H1 0xbb67ae8584caa73bULL
74	#define H2 0x3c6ef372fe94f82bULL
75	#define H3 0xa54ff53a5f1d36f1ULL
76	#define H4 0x510e527fade682d1ULL
77	#define H5 0x9b05688c2b3e6c1fULL
78	#define H6 0x1f83d9abfb41bd6bULL
79	#define H7 0x5be0cd19137e2179ULL
80
81	/* H'* initial state for SHA-384 */
82	#define HP0 0xcbbb9d5dc1059ed8ULL
83	#define HP1 0x629a292a367cd507ULL
84	#define HP2 0x9159015a3070dd17ULL
85	#define HP3 0x152fecd8f70e5939ULL
86	#define HP4 0x67332667ffc00b31ULL
87	#define HP5 0x8eb44a8768581511ULL
88	#define HP6 0xdb0c2e0d64f98fa7ULL
89	#define HP7 0x47b5481dbefa4fa4ULL
90
91	#define LOAD_OP(t1, I, W, input) \
92	t1 = input[(8*I) ] & 0xff;\
93	t1 <<= 8;\
94	t1 \|= input[(8*I)+1] & 0xff;\
95	t1 <<= 8;\
96	t1 \|= input[(8*I)+2] & 0xff;\
97	t1 <<= 8;\
98	t1 \|= input[(8*I)+3] & 0xff;\
99	t1 <<= 8;\
100	t1 \|= input[(8*I)+4] & 0xff;\
101	t1 <<= 8;\
102	t1 \|= input[(8*I)+5] & 0xff;\
103	t1 <<= 8;\
104	t1 \|= input[(8*I)+6] & 0xff;\
105	t1 <<= 8;\
106	t1 \|= input[(8*I)+7] & 0xff;\
107	W[I] = t1;
108
109
110	#define BLEND_OP(I, W) \
111	W[I] = s1(W[I-2]) + W[I-7] + s0(W[I-15]) + W[I-16];
112
113	static void
114	sha512_transform (unsigned long long state, const unsigned char input)
115	{
116	static const unsigned long long sha512_K[80] = {
117	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL,
118	0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
119	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL,
120	0x12835b0145706fbeULL, 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
121	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
122	0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
123	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 0x2de92c6f592b0275ULL,
124	0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
125	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL,
126	0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
127	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL,
128	0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
129	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL,
130	0x92722c851482353bULL, 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
131	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
132	0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
133	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 0x2748774cdf8eeb99ULL,
134	0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
135	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL,
136	0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
137	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL,
138	0xc67178f2e372532bULL, 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
139	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL,
140	0x0a637dc5a2c898a6ULL, 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
141	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
142	0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
143	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL,
144	};
145
146	unsigned long long a, b, c, d, e, f, g, h, t1, t2;
147	unsigned long long W[80];
148	unsigned long long t0;
149	int i;
150
151	/* load the input */
152	for (i = 0; i < 16; i++)
153	{
154	LOAD_OP (t0, i, W, input);
155	}
156
157	for (i = 16; i < 80; i++)
158	{
159	BLEND_OP (i, W);
160	}
161
162	/* load the state into our registers */
163	a = state[0];
164	b = state[1];
165	c = state[2];
166	d = state[3];
167	e = state[4];
168	f = state[5];
169	g = state[6];
170	h = state[7];
171
172	/* now iterate */
173	for (i = 0; i < 80; i += 8)
174	{
175	t1 = h + e1 (e) + Ch (e, f, g) + sha512_K[i] + W[i];
176	t2 = e0 (a) + Maj (a, b, c);
177	d += t1;
178	h = t1 + t2;
179	t1 = g + e1 (d) + Ch (d, e, f) + sha512_K[i + 1] + W[i + 1];
180	t2 = e0 (h) + Maj (h, a, b);
181	c += t1;
182	g = t1 + t2;
183	t1 = f + e1 (c) + Ch (c, d, e) + sha512_K[i + 2] + W[i + 2];
184	t2 = e0 (g) + Maj (g, h, a);
185	b += t1;
186	f = t1 + t2;
187	t1 = e + e1 (b) + Ch (b, c, d) + sha512_K[i + 3] + W[i + 3];
188	t2 = e0 (f) + Maj (f, g, h);
189	a += t1;
190	e = t1 + t2;
191	t1 = d + e1 (a) + Ch (a, b, c) + sha512_K[i + 4] + W[i + 4];
192	t2 = e0 (e) + Maj (e, f, g);
193	h += t1;
194	d = t1 + t2;
195	t1 = c + e1 (h) + Ch (h, a, b) + sha512_K[i + 5] + W[i + 5];
196	t2 = e0 (d) + Maj (d, e, f);
197	g += t1;
198	c = t1 + t2;
199	t1 = b + e1 (g) + Ch (g, h, a) + sha512_K[i + 6] + W[i + 6];
200	t2 = e0 (c) + Maj (c, d, e);
201	f += t1;
202	b = t1 + t2;
203	t1 = a + e1 (f) + Ch (f, g, h) + sha512_K[i + 7] + W[i + 7];
204	t2 = e0 (b) + Maj (b, c, d);
205	e += t1;
206	a = t1 + t2;
207	}
208
209	state[0] += a;
210	state[1] += b;
211	state[2] += c;
212	state[3] += d;
213	state[4] += e;
214	state[5] += f;
215	state[6] += g;
216	state[7] += h;
217	}
218
219	static void
220	sha512_init (struct sha512_ctx *sctx)
221	{
222	sctx->state[0] = H0;
223	sctx->state[1] = H1;
224	sctx->state[2] = H2;
225	sctx->state[3] = H3;
226	sctx->state[4] = H4;
227	sctx->state[5] = H5;
228	sctx->state[6] = H6;
229	sctx->state[7] = H7;
230	sctx->count[0] = sctx->count[1] = sctx->count[2] = sctx->count[3] = 0;
231	memset (sctx->buf, 0, sizeof (sctx->buf));
232	}
233
234	static void
235	sha512_update (struct sha512_ctx *sctx,
236	const unsigned char *data, unsigned int len)
237	{
238	unsigned int i, index, part_len;
239
240	/* Compute number of bytes mod 128 */
241	index = (unsigned int) ((sctx->count[0] >> 3) & 0x7F);
242
243	/* Update number of bits */
244	if ((sctx->count[0] += (len << 3)) < (len << 3))
245	{
246	if ((sctx->count[1] += 1) < 1)
247	if ((sctx->count[2] += 1) < 1)
248	sctx->count[3]++;
249	sctx->count[1] += (len >> 29);
250	}
251
252	part_len = 128 - index;
253
254	/* Transform as many times as possible. */
255	if (len >= part_len)
256	{
257	memcpy (&sctx->buf[index], data, part_len);
258	sha512_transform (sctx->state, sctx->buf);
259
260	for (i = part_len; i + 127 < len; i += 128)
261	sha512_transform (sctx->state, &data[i]);
262
263	index = 0;
264	}
265	else
266	{
267	i = 0;
268	}
269
270	/* Buffer remaining input */
271	memcpy (&sctx->buf[index], &data[i], len - i);
272	}
273
274	static void
275	sha512_final (struct sha512_ctx sctx, unsigned char hash)
276	{
277	static unsigned char padding[128] = { 0x80, };
278
279	unsigned int t;
280	unsigned char bits[128];
281	unsigned int index;
282	unsigned int pad_len;
283	unsigned long long t2;
284	int i, j;
285
286	/* Save number of bits */
287	t = sctx->count[0];
288	bits[15] = t;
289	t >>= 8;
290	bits[14] = t;
291	t >>= 8;
292	bits[13] = t;
293	t >>= 8;
294	bits[12] = t;
295	t = sctx->count[1];
296	bits[11] = t;
297	t >>= 8;
298	bits[10] = t;
299	t >>= 8;
300	bits[9] = t;
301	t >>= 8;
302	bits[8] = t;
303	t = sctx->count[2];
304	bits[7] = t;
305	t >>= 8;
306	bits[6] = t;
307	t >>= 8;
308	bits[5] = t;
309	t >>= 8;
310	bits[4] = t;
311	t = sctx->count[3];
312	bits[3] = t;
313	t >>= 8;
314	bits[2] = t;
315	t >>= 8;
316	bits[1] = t;
317	t >>= 8;
318	bits[0] = t;
319
320	/* Pad out to 112 mod 128. */
321	index = (sctx->count[0] >> 3) & 0x7f;
322	pad_len = (index < 112) ? (112 - index) : ((128 + 112) - index);
323	sha512_update (sctx, padding, pad_len);
324
325	/* Append length (before padding) */
326	sha512_update (sctx, bits, 16);
327
328	/* Store state in digest */
329	for (i = j = 0; i < 8; i++, j += 8)
330	{
331	t2 = sctx->state[i];
332	hash[j + 7] = (char) t2 & 0xff;
333	t2 >>= 8;
334	hash[j + 6] = (char) t2 & 0xff;
335	t2 >>= 8;
336	hash[j + 5] = (char) t2 & 0xff;
337	t2 >>= 8;
338	hash[j + 4] = (char) t2 & 0xff;
339	t2 >>= 8;
340	hash[j + 3] = (char) t2 & 0xff;
341	t2 >>= 8;
342	hash[j + 2] = (char) t2 & 0xff;
343	t2 >>= 8;
344	hash[j + 1] = (char) t2 & 0xff;
345	t2 >>= 8;
346	hash[j] = (char) t2 & 0xff;
347	}
348
349	/* Zeroize sensitive information. */
350	memset (sctx, 0, sizeof (struct sha512_ctx));
351	}
352		38
353		39
354	/**	40	/**
@@ -361,11 +47,7 @@ sha512_final (struct sha512_ctx sctx, unsigned char hash)
361	void	47	void
362	GNUNET_CRYPTO_hash (const void block, size_t size, GNUNET_HashCode ret)	48	GNUNET_CRYPTO_hash (const void block, size_t size, GNUNET_HashCode ret)
363	{	49	{
364	struct sha512_ctx ctx;	50	gcry_md_hash_buffer (GCRY_MD_SHA512, ret, block, size);
365
366	sha512_init (&ctx);
367	sha512_update (&ctx, block, size);
368	sha512_final (&ctx, (unsigned char *) ret);
369	}	51	}
370		52
371		53
@@ -408,7 +90,7 @@ struct GNUNET_CRYPTO_FileHashContext
408	/**	90	/**
409	* Cummulated hash.	91	* Cummulated hash.
410	*/	92	*/
411	struct sha512_ctx hctx;	93	gcry_md_hd_t md;
412		94
413	/**	95	/**
414	* Size of the file.	96	* Size of the file.
@@ -459,7 +141,7 @@ static void
459	file_hash_task (void cls, const struct GNUNET_SCHEDULER_TaskContext tc)	141	file_hash_task (void cls, const struct GNUNET_SCHEDULER_TaskContext tc)
460	{	142	{
461	struct GNUNET_CRYPTO_FileHashContext *fhc = cls;	143	struct GNUNET_CRYPTO_FileHashContext *fhc = cls;
462	GNUNET_HashCode res;	144	GNUNET_HashCode *res;
463	size_t delta;	145	size_t delta;
464		146
465	fhc->task = GNUNET_SCHEDULER_NO_TASK;	147	fhc->task = GNUNET_SCHEDULER_NO_TASK;
@@ -474,12 +156,13 @@ file_hash_task (void cls, const struct GNUNET_SCHEDULER_TaskContext tc)
474	file_hash_finish (fhc, NULL);	156	file_hash_finish (fhc, NULL);
475	return;	157	return;
476	}	158	}
477	sha512_update (&fhc->hctx, fhc->buffer, delta);	159	gcry_md_write (fhc->md, fhc->buffer, delta);
478	fhc->offset += delta;	160	fhc->offset += delta;
479	if (fhc->offset == fhc->fsize)	161	if (fhc->offset == fhc->fsize)
480	{	162	{
481	sha512_final (&fhc->hctx, (unsigned char *) &res);	163	res = (GNUNET_HashCode *) gcry_md_read (fhc->md, GCRY_MD_SHA512);
482	file_hash_finish (fhc, &res);	164	file_hash_finish (fhc, &res);
		165	gcry_md_close (fhc->md);
483	return;	166	return;
484	}	167	}
485	fhc->task	168	fhc->task
@@ -517,8 +200,7 @@ GNUNET_CRYPTO_hash_file (struct GNUNET_SCHEDULER_Handle *sched,
517	fhc->sched = sched;	200	fhc->sched = sched;
518	fhc->buffer = (unsigned char *) &fhc[1];	201	fhc->buffer = (unsigned char *) &fhc[1];
519	fhc->filename = GNUNET_strdup (filename);	202	fhc->filename = GNUNET_strdup (filename);
520	fhc->fh = NULL;	203	fhc->md = gcry_md_open (&fhc->md, GCRY_MD_SHA512, 0);
521	sha512_init (&fhc->hctx);
522	fhc->bsize = blocksize;	204	fhc->bsize = blocksize;
523	if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fhc->fsize, GNUNET_NO))	205	if (GNUNET_OK != GNUNET_DISK_file_size (filename, &fhc->fsize, GNUNET_NO))
524	{	206	{
@@ -887,26 +569,16 @@ GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AuthKey *key,
887	size_t plaintext_len,	569	size_t plaintext_len,
888	GNUNET_HashCode *hmac)	570	GNUNET_HashCode *hmac)
889	{	571	{
890	GNUNET_HashCode kh;	572	gcry_md_hd_t md;
891	GNUNET_HashCode ipad;	573	unsigned char *mc;
892	GNUNET_HashCode opad;	574
893	GNUNET_HashCode him;	575	md = gcry_md_open (&md, GCRY_MD_SHA512, GCRY_MD_FLAG_HMAC);
894	struct sha512_ctx sctx;	576	gcry_md_setkey (md, key->key, sizeof(key->key));
895		577	gcry_md_write (md, plaintext, plaintext_len);
896	memset (&kh, 0, sizeof (kh));	578	mc = gcry_md_read (md, GCRY_MD_SHA512);
897	memcpy (&kh, key->key, sizeof (struct GNUNET_CRYPTO_AuthKey));	579	if (mc != NULL)
898	memset (&ipad, 0x5c, sizeof (ipad));	580	memcpy (hmac->bits, mc, sizeof(hmac->bits));
899	memset (&opad, 0x36, sizeof (opad));	581	gcry_md_close (md);
900	GNUNET_CRYPTO_hash_xor (&ipad, &kh, &ipad);
901	GNUNET_CRYPTO_hash_xor (&opad, &kh, &opad);
902	sha512_init (&sctx);
903	sha512_update (&sctx, (const unsigned char*) &ipad, sizeof (ipad));
904	sha512_update (&sctx, plaintext, plaintext_len);
905	sha512_final (&sctx, (unsigned char*) &him);
906	sha512_init (&sctx);
907	sha512_update (&sctx, (const unsigned char*) &opad, sizeof (opad));
908	sha512_update (&sctx, (const unsigned char*) &him, sizeof (him));
909	sha512_final (&sctx, (unsigned char*) hmac);
910	}	582	}
911		583
912		584