1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package sha512 implements the SHA-384, SHA-512, SHA-512/224, and SHA-512/256
6 // hash algorithms as defined in FIPS 180-4.
8 // All the hash.Hash implementations returned by this package also
9 // implement encoding.BinaryMarshaler and encoding.BinaryUnmarshaler to
10 // marshal and unmarshal the internal state of the hash.
20 crypto.RegisterHash(crypto.SHA384, New384)
21 crypto.RegisterHash(crypto.SHA512, New)
22 crypto.RegisterHash(crypto.SHA512_224, New512_224)
23 crypto.RegisterHash(crypto.SHA512_256, New512_256)
27 // Size is the size, in bytes, of a SHA-512 checksum.
30 // Size224 is the size, in bytes, of a SHA-512/224 checksum.
33 // Size256 is the size, in bytes, of a SHA-512/256 checksum.
36 // Size384 is the size, in bytes, of a SHA-384 checksum.
39 // BlockSize is the block size, in bytes, of the SHA-512/224,
40 // SHA-512/256, SHA-384 and SHA-512 hash functions.
46 init0 = 0x6a09e667f3bcc908
47 init1 = 0xbb67ae8584caa73b
48 init2 = 0x3c6ef372fe94f82b
49 init3 = 0xa54ff53a5f1d36f1
50 init4 = 0x510e527fade682d1
51 init5 = 0x9b05688c2b3e6c1f
52 init6 = 0x1f83d9abfb41bd6b
53 init7 = 0x5be0cd19137e2179
54 init0_224 = 0x8c3d37c819544da2
55 init1_224 = 0x73e1996689dcd4d6
56 init2_224 = 0x1dfab7ae32ff9c82
57 init3_224 = 0x679dd514582f9fcf
58 init4_224 = 0x0f6d2b697bd44da8
59 init5_224 = 0x77e36f7304c48942
60 init6_224 = 0x3f9d85a86a1d36c8
61 init7_224 = 0x1112e6ad91d692a1
62 init0_256 = 0x22312194fc2bf72c
63 init1_256 = 0x9f555fa3c84c64c2
64 init2_256 = 0x2393b86b6f53b151
65 init3_256 = 0x963877195940eabd
66 init4_256 = 0x96283ee2a88effe3
67 init5_256 = 0xbe5e1e2553863992
68 init6_256 = 0x2b0199fc2c85b8aa
69 init7_256 = 0x0eb72ddc81c52ca2
70 init0_384 = 0xcbbb9d5dc1059ed8
71 init1_384 = 0x629a292a367cd507
72 init2_384 = 0x9159015a3070dd17
73 init3_384 = 0x152fecd8f70e5939
74 init4_384 = 0x67332667ffc00b31
75 init5_384 = 0x8eb44a8768581511
76 init6_384 = 0xdb0c2e0d64f98fa7
77 init7_384 = 0x47b5481dbefa4fa4
80 // digest represents the partial evaluation of a checksum.
89 func (d *digest) Reset() {
100 case crypto.SHA512_224:
109 case crypto.SHA512_256:
134 magic512_224 = "sha\x05"
135 magic512_256 = "sha\x06"
137 marshaledSize = len(magic512) + 8*8 + chunk + 8
140 func (d *digest) MarshalBinary() ([]byte, error) {
141 b := make([]byte, 0, marshaledSize)
144 b = append(b, magic384...)
145 case crypto.SHA512_224:
146 b = append(b, magic512_224...)
147 case crypto.SHA512_256:
148 b = append(b, magic512_256...)
150 b = append(b, magic512...)
152 return nil, errors.New("crypto/sha512: invalid hash function")
154 b = appendUint64(b, d.h[0])
155 b = appendUint64(b, d.h[1])
156 b = appendUint64(b, d.h[2])
157 b = appendUint64(b, d.h[3])
158 b = appendUint64(b, d.h[4])
159 b = appendUint64(b, d.h[5])
160 b = appendUint64(b, d.h[6])
161 b = appendUint64(b, d.h[7])
162 b = append(b, d.x[:]...)
163 b = appendUint64(b, d.len)
167 func (d *digest) UnmarshalBinary(b []byte) error {
168 if len(b) < len(magic512) {
169 return errors.New("crypto/sha512: invalid hash state identifier")
172 case d.function == crypto.SHA384 && string(b[:len(magic384)]) == magic384:
173 case d.function == crypto.SHA512_224 && string(b[:len(magic512_224)]) == magic512_224:
174 case d.function == crypto.SHA512_256 && string(b[:len(magic512_256)]) == magic512_256:
175 case d.function == crypto.SHA512 && string(b[:len(magic512)]) == magic512:
177 return errors.New("crypto/sha512: invalid hash state identifier")
179 if len(b) != marshaledSize {
180 return errors.New("crypto/sha512: invalid hash state size")
182 b = b[len(magic512):]
183 b, d.h[0] = consumeUint64(b)
184 b, d.h[1] = consumeUint64(b)
185 b, d.h[2] = consumeUint64(b)
186 b, d.h[3] = consumeUint64(b)
187 b, d.h[4] = consumeUint64(b)
188 b, d.h[5] = consumeUint64(b)
189 b, d.h[6] = consumeUint64(b)
190 b, d.h[7] = consumeUint64(b)
191 b = b[copy(d.x[:], b):]
192 b, d.len = consumeUint64(b)
193 d.nx = int(d.len) % chunk
197 func appendUint64(b []byte, x uint64) []byte {
208 return append(b, a[:]...)
211 func consumeUint64(b []byte) ([]byte, uint64) {
213 x := uint64(b[7]) | uint64(b[6])<<8 | uint64(b[5])<<16 | uint64(b[4])<<24 |
214 uint64(b[3])<<32 | uint64(b[2])<<40 | uint64(b[1])<<48 | uint64(b[0])<<56
218 // New returns a new hash.Hash computing the SHA-512 checksum.
219 func New() hash.Hash {
220 d := &digest{function: crypto.SHA512}
225 // New512_224 returns a new hash.Hash computing the SHA-512/224 checksum.
226 func New512_224() hash.Hash {
227 d := &digest{function: crypto.SHA512_224}
232 // New512_256 returns a new hash.Hash computing the SHA-512/256 checksum.
233 func New512_256() hash.Hash {
234 d := &digest{function: crypto.SHA512_256}
239 // New384 returns a new hash.Hash computing the SHA-384 checksum.
240 func New384() hash.Hash {
241 d := &digest{function: crypto.SHA384}
246 func (d *digest) Size() int {
248 case crypto.SHA512_224:
250 case crypto.SHA512_256:
259 func (d *digest) BlockSize() int { return BlockSize }
261 func (d *digest) Write(p []byte) (nn int, err error) {
265 n := copy(d.x[d.nx:], p)
274 n := len(p) &^ (chunk - 1)
279 d.nx = copy(d.x[:], p)
284 func (d0 *digest) Sum(in []byte) []byte {
285 // Make a copy of d0 so that caller can keep writing and summing.
291 return append(in, hash[:Size384]...)
292 case crypto.SHA512_224:
293 return append(in, hash[:Size224]...)
294 case crypto.SHA512_256:
295 return append(in, hash[:Size256]...)
297 return append(in, hash[:]...)
301 func (d *digest) checkSum() [Size]byte {
302 // Padding. Add a 1 bit and 0 bits until 112 bytes mod 128.
307 d.Write(tmp[0 : 112-len%128])
309 d.Write(tmp[0 : 128+112-len%128])
314 for i := uint(0); i < 16; i++ {
315 tmp[i] = byte(len >> (120 - 8*i))
324 if d.function == crypto.SHA384 {
328 var digest [Size]byte
329 for i, s := range h {
330 digest[i*8] = byte(s >> 56)
331 digest[i*8+1] = byte(s >> 48)
332 digest[i*8+2] = byte(s >> 40)
333 digest[i*8+3] = byte(s >> 32)
334 digest[i*8+4] = byte(s >> 24)
335 digest[i*8+5] = byte(s >> 16)
336 digest[i*8+6] = byte(s >> 8)
337 digest[i*8+7] = byte(s)
343 // Sum512 returns the SHA512 checksum of the data.
344 func Sum512(data []byte) [Size]byte {
345 d := digest{function: crypto.SHA512}
351 // Sum384 returns the SHA384 checksum of the data.
352 func Sum384(data []byte) (sum384 [Size384]byte) {
353 d := digest{function: crypto.SHA384}
357 copy(sum384[:], sum[:Size384])
361 // Sum512_224 returns the Sum512/224 checksum of the data.
362 func Sum512_224(data []byte) (sum224 [Size224]byte) {
363 d := digest{function: crypto.SHA512_224}
367 copy(sum224[:], sum[:Size224])
371 // Sum512_256 returns the Sum512/256 checksum of the data.
372 func Sum512_256(data []byte) (sum256 [Size256]byte) {
373 d := digest{function: crypto.SHA512_256}
377 copy(sum256[:], sum[:Size256])