2 // System.Security.Cryptography.SHA512Managed.cs
5 // Dan Lewis (dihlewis@yahoo.co.uk)
6 // Sebastien Pouliot (sebastien@ximian.com)
9 // Implementation translated from Bouncy Castle JCE (http://www.bouncycastle.org/)
10 // See bouncycastle.txt for license.
11 // Copyright (C) 2004-2005 Novell, Inc (http://www.novell.com)
13 // Permission is hereby granted, free of charge, to any person obtaining
14 // a copy of this software and associated documentation files (the
15 // "Software"), to deal in the Software without restriction, including
16 // without limitation the rights to use, copy, modify, merge, publish,
17 // distribute, sublicense, and/or sell copies of the Software, and to
18 // permit persons to whom the Software is furnished to do so, subject to
19 // the following conditions:
21 // The above copyright notice and this permission notice shall be
22 // included in all copies or substantial portions of the Software.
24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
28 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
29 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
30 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
35 using System.Runtime.InteropServices;
37 namespace System.Security.Cryptography {
42 public class SHA512Managed : SHA512 {
47 private ulong byteCount1;
48 private ulong byteCount2;
50 private ulong H1, H2, H3, H4, H5, H6, H7, H8;
55 public SHA512Managed ()
59 Initialize (false); // limited initialization
62 private void Initialize (bool reuse)
64 // SHA-512 initial hash value
65 // The first 64 bits of the fractional parts of the square roots
66 // of the first eight prime numbers
67 H1 = 0x6a09e667f3bcc908L;
68 H2 = 0xbb67ae8584caa73bL;
69 H3 = 0x3c6ef372fe94f82bL;
70 H4 = 0xa54ff53a5f1d36f1L;
71 H5 = 0x510e527fade682d1L;
72 H6 = 0x9b05688c2b3e6c1fL;
73 H7 = 0x1f83d9abfb41bd6bL;
74 H8 = 0x5be0cd19137e2179L;
81 for (int i = 0; i < xBuf.Length; i++)
85 for (int i = 0; i != W.Length; i++)
90 public override void Initialize ()
92 Initialize (true); // reuse instance
97 protected override void HashCore (byte[] rgb, int ibStart, int cbSize)
99 // fill the current word
100 while ((xBufOff != 0) && (cbSize > 0)) {
101 update (rgb [ibStart]);
106 // process whole words.
107 while (cbSize > xBuf.Length) {
108 processWord (rgb, ibStart);
109 ibStart += xBuf.Length;
110 cbSize -= xBuf.Length;
111 byteCount1 += (ulong) xBuf.Length;
114 // load in the remainder.
116 update (rgb [ibStart]);
122 protected override byte[] HashFinal ()
126 ulong lowBitLength = byteCount1 << 3;
127 ulong hiBitLength = byteCount2;
129 // add the pad bytes.
134 processLength (lowBitLength, hiBitLength);
137 byte[] output = new byte [64];
138 unpackWord(H1, output, 0);
139 unpackWord(H2, output, 8);
140 unpackWord(H3, output, 16);
141 unpackWord(H4, output, 24);
142 unpackWord(H5, output, 32);
143 unpackWord(H6, output, 40);
144 unpackWord(H7, output, 48);
145 unpackWord(H8, output, 56);
151 private void update (byte input)
153 xBuf [xBufOff++] = input;
154 if (xBufOff == xBuf.Length) {
155 processWord(xBuf, 0);
161 private void processWord (byte[] input, int inOff)
163 W [wOff++] = ( (ulong) input [inOff] << 56)
164 | ( (ulong) input [inOff + 1] << 48)
165 | ( (ulong) input [inOff + 2] << 40)
166 | ( (ulong) input [inOff + 3] << 32)
167 | ( (ulong) input [inOff + 4] << 24)
168 | ( (ulong) input [inOff + 5] << 16)
169 | ( (ulong) input [inOff + 6] << 8)
170 | ( (ulong) input [inOff + 7]);
175 private void unpackWord (ulong word, byte[] output, int outOff)
177 output[outOff] = (byte) (word >> 56);
178 output[outOff + 1] = (byte) (word >> 48);
179 output[outOff + 2] = (byte) (word >> 40);
180 output[outOff + 3] = (byte) (word >> 32);
181 output[outOff + 4] = (byte) (word >> 24);
182 output[outOff + 5] = (byte) (word >> 16);
183 output[outOff + 6] = (byte) (word >> 8);
184 output[outOff + 7] = (byte) word;
187 // adjust the byte counts so that byteCount2 represents the
188 // upper long (less 3 bits) word of the byte count.
189 private void adjustByteCounts ()
191 if (byteCount1 > 0x1fffffffffffffffL) {
192 byteCount2 += (byteCount1 >> 61);
193 byteCount1 &= 0x1fffffffffffffffL;
197 private void processLength (ulong lowW, ulong hiW)
205 private void processBlock ()
208 // expand 16 word block into 80 word blocks.
209 for (int t = 16; t <= 79; t++)
210 W[t] = Sigma1 (W [t - 2]) + W [t - 7] + Sigma0 (W [t - 15]) + W [t - 16];
212 // set up working variables.
222 for (int t = 0; t <= 79; t++) {
223 ulong T1 = h + Sum1 (e) + Ch (e, f, g) + SHAConstants.K2 [t] + W [t];
224 ulong T2 = Sum0 (a) + Maj (a, b, c);
243 // reset the offset and clean out the word buffer.
245 for (int i = 0; i != W.Length; i++)
249 private ulong rotateRight (ulong x, int n)
251 return (x >> n) | (x << (64 - n));
254 /* SHA-512 and SHA-512 functions (as for SHA-256 but for longs) */
255 private ulong Ch (ulong x, ulong y, ulong z)
257 return ((x & y) ^ ((~x) & z));
260 private ulong Maj (ulong x, ulong y, ulong z)
262 return ((x & y) ^ (x & z) ^ (y & z));
265 private ulong Sum0 (ulong x)
267 return rotateRight (x, 28) ^ rotateRight (x, 34) ^ rotateRight (x, 39);
270 private ulong Sum1 (ulong x)
272 return rotateRight (x, 14) ^ rotateRight (x, 18) ^ rotateRight (x, 41);
275 private ulong Sigma0 (ulong x)
277 return rotateRight (x, 1) ^ rotateRight(x, 8) ^ (x >> 7);
280 private ulong Sigma1 (ulong x)
282 return rotateRight (x, 19) ^ rotateRight (x, 61) ^ (x >> 6);