Annotation of embedaddon/ntp/lib/isc/sha2.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
3: *
4: * Permission to use, copy, modify, and/or distribute this software for any
5: * purpose with or without fee is hereby granted, provided that the above
6: * copyright notice and this permission notice appear in all copies.
7: *
8: * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9: * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10: * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11: * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12: * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13: * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14: * PERFORMANCE OF THIS SOFTWARE.
15: */
16:
17: /* $Id: sha2.c,v 1.13.332.2 2009/01/18 23:47:41 tbox Exp $ */
18:
19: /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
20: /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
21:
22: /*
23: * sha2.c
24: *
25: * Version 1.0.0beta1
26: *
27: * Written by Aaron D. Gifford <me@aarongifford.com>
28: *
29: * Copyright 2000 Aaron D. Gifford. All rights reserved.
30: *
31: * Redistribution and use in source and binary forms, with or without
32: * modification, are permitted provided that the following conditions
33: * are met:
34: * 1. Redistributions of source code must retain the above copyright
35: * notice, this list of conditions and the following disclaimer.
36: * 2. Redistributions in binary form must reproduce the above copyright
37: * notice, this list of conditions and the following disclaimer in the
38: * documentation and/or other materials provided with the distribution.
39: * 3. Neither the name of the copyright holder nor the names of contributors
40: * may be used to endorse or promote products derived from this software
41: * without specific prior written permission.
42: *
43: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
44: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
47: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53: * SUCH DAMAGE.
54: *
55: */
56:
57:
58: #include <config.h>
59:
60: #include <isc/assertions.h>
61: #include <isc/sha2.h>
62: #include <isc/string.h>
63: #include <isc/util.h>
64:
65: /*
66: * UNROLLED TRANSFORM LOOP NOTE:
67: * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
68: * loop version for the hash transform rounds (defined using macros
69: * later in this file). Either define on the command line, for example:
70: *
71: * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
72: *
73: * or define below:
74: *
75: * \#define ISC_SHA2_UNROLL_TRANSFORM
76: *
77: */
78:
79: /*** SHA-256/384/512 Machine Architecture Definitions *****************/
80: /*
81: * BYTE_ORDER NOTE:
82: *
83: * Please make sure that your system defines BYTE_ORDER. If your
84: * architecture is little-endian, make sure it also defines
85: * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
86: * equivalent.
87: *
88: * If your system does not define the above, then you can do so by
89: * hand like this:
90: *
91: * \#define LITTLE_ENDIAN 1234
92: * \#define BIG_ENDIAN 4321
93: *
94: * And for little-endian machines, add:
95: *
96: * \#define BYTE_ORDER LITTLE_ENDIAN
97: *
98: * Or for big-endian machines:
99: *
100: * \#define BYTE_ORDER BIG_ENDIAN
101: *
102: * The FreeBSD machine this was written on defines BYTE_ORDER
103: * appropriately by including <sys/types.h> (which in turn includes
104: * <machine/endian.h> where the appropriate definitions are actually
105: * made).
106: */
107: #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
108: #ifndef BYTE_ORDER
109: #ifndef BIG_ENDIAN
110: #define BIG_ENDIAN 4321
111: #endif
112: #ifndef LITTLE_ENDIAN
113: #define LITTLE_ENDIAN 1234
114: #endif
115: #ifdef WORDS_BIGENDIAN
116: #define BYTE_ORDER BIG_ENDIAN
117: #else
118: #define BYTE_ORDER LITTLE_ENDIAN
119: #endif
120: #else
121: #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
122: #endif
123: #endif
124:
125: /*** SHA-256/384/512 Various Length Definitions ***********************/
126: /* NOTE: Most of these are in sha2.h */
127: #define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8)
128: #define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16)
129: #define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16)
130:
131:
132: /*** ENDIAN REVERSAL MACROS *******************************************/
133: #if BYTE_ORDER == LITTLE_ENDIAN
134: #define REVERSE32(w,x) { \
135: isc_uint32_t tmp = (w); \
136: tmp = (tmp >> 16) | (tmp << 16); \
137: (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
138: }
139: #ifdef WIN32
140: #define REVERSE64(w,x) { \
141: isc_uint64_t tmp = (w); \
142: tmp = (tmp >> 32) | (tmp << 32); \
143: tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \
144: ((tmp & 0x00ff00ff00ff00ffUL) << 8); \
145: (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \
146: ((tmp & 0x0000ffff0000ffffUL) << 16); \
147: }
148: #else
149: #define REVERSE64(w,x) { \
150: isc_uint64_t tmp = (w); \
151: tmp = (tmp >> 32) | (tmp << 32); \
152: tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
153: ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
154: (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
155: ((tmp & 0x0000ffff0000ffffULL) << 16); \
156: }
157: #endif
158: #endif /* BYTE_ORDER == LITTLE_ENDIAN */
159:
160: /*
161: * Macro for incrementally adding the unsigned 64-bit integer n to the
162: * unsigned 128-bit integer (represented using a two-element array of
163: * 64-bit words):
164: */
165: #define ADDINC128(w,n) { \
166: (w)[0] += (isc_uint64_t)(n); \
167: if ((w)[0] < (n)) { \
168: (w)[1]++; \
169: } \
170: }
171:
172: /*** THE SIX LOGICAL FUNCTIONS ****************************************/
173: /*
174: * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
175: *
176: * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
177: * S is a ROTATION) because the SHA-256/384/512 description document
178: * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
179: * same "backwards" definition.
180: */
181: /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
182: #define R(b,x) ((x) >> (b))
183: /* 32-bit Rotate-right (used in SHA-256): */
184: #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
185: /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
186: #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
187:
188: /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
189: #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
190: #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
191:
192: /* Four of six logical functions used in SHA-256: */
193: #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
194: #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
195: #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
196: #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
197:
198: /* Four of six logical functions used in SHA-384 and SHA-512: */
199: #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
200: #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
201: #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
202: #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
203:
204: /*** INTERNAL FUNCTION PROTOTYPES *************************************/
205: /* NOTE: These should not be accessed directly from outside this
206: * library -- they are intended for private internal visibility/use
207: * only.
208: */
209: void isc_sha512_last(isc_sha512_t *);
210: void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*);
211: void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*);
212:
213:
214: /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
215: /* Hash constant words K for SHA-224 and SHA-256: */
216: static const isc_uint32_t K256[64] = {
217: 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
218: 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
219: 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
220: 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
221: 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
222: 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
223: 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
224: 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
225: 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
226: 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
227: 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
228: 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
229: 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
230: 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
231: 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
232: 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
233: };
234:
235: /* Initial hash value H for SHA-224: */
236: static const isc_uint32_t sha224_initial_hash_value[8] = {
237: 0xc1059ed8UL,
238: 0x367cd507UL,
239: 0x3070dd17UL,
240: 0xf70e5939UL,
241: 0xffc00b31UL,
242: 0x68581511UL,
243: 0x64f98fa7UL,
244: 0xbefa4fa4UL
245: };
246:
247: /* Initial hash value H for SHA-256: */
248: static const isc_uint32_t sha256_initial_hash_value[8] = {
249: 0x6a09e667UL,
250: 0xbb67ae85UL,
251: 0x3c6ef372UL,
252: 0xa54ff53aUL,
253: 0x510e527fUL,
254: 0x9b05688cUL,
255: 0x1f83d9abUL,
256: 0x5be0cd19UL
257: };
258:
259: #ifdef WIN32
260: /* Hash constant words K for SHA-384 and SHA-512: */
261: static const isc_uint64_t K512[80] = {
262: 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
263: 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
264: 0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
265: 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL,
266: 0xd807aa98a3030242UL, 0x12835b0145706fbeUL,
267: 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL,
268: 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL,
269: 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL,
270: 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL,
271: 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL,
272: 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL,
273: 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL,
274: 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL,
275: 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL,
276: 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL,
277: 0x06ca6351e003826fUL, 0x142929670a0e6e70UL,
278: 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL,
279: 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL,
280: 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL,
281: 0x81c2c92e47edaee6UL, 0x92722c851482353bUL,
282: 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL,
283: 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL,
284: 0xd192e819d6ef5218UL, 0xd69906245565a910UL,
285: 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL,
286: 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL,
287: 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL,
288: 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL,
289: 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL,
290: 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL,
291: 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL,
292: 0x90befffa23631e28UL, 0xa4506cebde82bde9UL,
293: 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL,
294: 0xca273eceea26619cUL, 0xd186b8c721c0c207UL,
295: 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL,
296: 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL,
297: 0x113f9804bef90daeUL, 0x1b710b35131c471bUL,
298: 0x28db77f523047d84UL, 0x32caab7b40c72493UL,
299: 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL,
300: 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL,
301: 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL
302: };
303:
304: /* Initial hash value H for SHA-384: */
305: static const isc_uint64_t sha384_initial_hash_value[8] = {
306: 0xcbbb9d5dc1059ed8UL,
307: 0x629a292a367cd507UL,
308: 0x9159015a3070dd17UL,
309: 0x152fecd8f70e5939UL,
310: 0x67332667ffc00b31UL,
311: 0x8eb44a8768581511UL,
312: 0xdb0c2e0d64f98fa7UL,
313: 0x47b5481dbefa4fa4UL
314: };
315:
316: /* Initial hash value H for SHA-512: */
317: static const isc_uint64_t sha512_initial_hash_value[8] = {
318: 0x6a09e667f3bcc908U,
319: 0xbb67ae8584caa73bUL,
320: 0x3c6ef372fe94f82bUL,
321: 0xa54ff53a5f1d36f1UL,
322: 0x510e527fade682d1UL,
323: 0x9b05688c2b3e6c1fUL,
324: 0x1f83d9abfb41bd6bUL,
325: 0x5be0cd19137e2179UL
326: };
327: #else
328: /* Hash constant words K for SHA-384 and SHA-512: */
329: static const isc_uint64_t K512[80] = {
330: 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
331: 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
332: 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
333: 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
334: 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
335: 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
336: 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
337: 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
338: 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
339: 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
340: 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
341: 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
342: 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
343: 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
344: 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
345: 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
346: 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
347: 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
348: 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
349: 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
350: 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
351: 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
352: 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
353: 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
354: 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
355: 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
356: 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
357: 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
358: 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
359: 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
360: 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
361: 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
362: 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
363: 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
364: 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
365: 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
366: 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
367: 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
368: 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
369: 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
370: };
371:
372: /* Initial hash value H for SHA-384: */
373: static const isc_uint64_t sha384_initial_hash_value[8] = {
374: 0xcbbb9d5dc1059ed8ULL,
375: 0x629a292a367cd507ULL,
376: 0x9159015a3070dd17ULL,
377: 0x152fecd8f70e5939ULL,
378: 0x67332667ffc00b31ULL,
379: 0x8eb44a8768581511ULL,
380: 0xdb0c2e0d64f98fa7ULL,
381: 0x47b5481dbefa4fa4ULL
382: };
383:
384: /* Initial hash value H for SHA-512: */
385: static const isc_uint64_t sha512_initial_hash_value[8] = {
386: 0x6a09e667f3bcc908ULL,
387: 0xbb67ae8584caa73bULL,
388: 0x3c6ef372fe94f82bULL,
389: 0xa54ff53a5f1d36f1ULL,
390: 0x510e527fade682d1ULL,
391: 0x9b05688c2b3e6c1fULL,
392: 0x1f83d9abfb41bd6bULL,
393: 0x5be0cd19137e2179ULL
394: };
395: #endif
396:
397: /*
398: * Constant used by SHA256/384/512_End() functions for converting the
399: * digest to a readable hexadecimal character string:
400: */
401: static const char *sha2_hex_digits = "0123456789abcdef";
402:
403:
404:
405: /*** SHA-224: *********************************************************/
406: void
407: isc_sha224_init(isc_sha224_t *context) {
408: if (context == (isc_sha256_t *)0) {
409: return;
410: }
411: memcpy(context->state, sha224_initial_hash_value,
412: ISC_SHA256_DIGESTLENGTH);
413: memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
414: context->bitcount = 0;
415: }
416:
417: void
418: isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
419: isc_sha256_update((isc_sha256_t *)context, data, len);
420: }
421:
422: void
423: isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
424: isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH];
425: isc_sha256_final(sha256_digest, (isc_sha256_t *)context);
426: memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);
427: memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH);
428: }
429:
430: char *
431: isc_sha224_end(isc_sha224_t *context, char buffer[]) {
432: isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest;
433: unsigned int i;
434:
435: /* Sanity check: */
436: REQUIRE(context != (isc_sha224_t *)0);
437:
438: if (buffer != (char*)0) {
439: isc_sha224_final(digest, context);
440:
441: for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
442: *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
443: *buffer++ = sha2_hex_digits[*d & 0x0f];
444: d++;
445: }
446: *buffer = (char)0;
447: } else {
448: memset(context, 0, sizeof(context));
449: }
450: memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
451: return buffer;
452: }
453:
454: char*
455: isc_sha224_data(const isc_uint8_t *data, size_t len,
456: char digest[ISC_SHA224_DIGESTSTRINGLENGTH])
457: {
458: isc_sha224_t context;
459:
460: isc_sha224_init(&context);
461: isc_sha224_update(&context, data, len);
462: return (isc_sha224_end(&context, digest));
463: }
464:
465: /*** SHA-256: *********************************************************/
466: void
467: isc_sha256_init(isc_sha256_t *context) {
468: if (context == (isc_sha256_t *)0) {
469: return;
470: }
471: memcpy(context->state, sha256_initial_hash_value,
472: ISC_SHA256_DIGESTLENGTH);
473: memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
474: context->bitcount = 0;
475: }
476:
477: #ifdef ISC_SHA2_UNROLL_TRANSFORM
478:
479: /* Unrolled SHA-256 round macros: */
480:
481: #if BYTE_ORDER == LITTLE_ENDIAN
482:
483: #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
484: REVERSE32(*data++, W256[j]); \
485: T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
486: K256[j] + W256[j]; \
487: (d) += T1; \
488: (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
489: j++
490:
491:
492: #else /* BYTE_ORDER == LITTLE_ENDIAN */
493:
494: #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
495: T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
496: K256[j] + (W256[j] = *data++); \
497: (d) += T1; \
498: (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
499: j++
500:
501: #endif /* BYTE_ORDER == LITTLE_ENDIAN */
502:
503: #define ROUND256(a,b,c,d,e,f,g,h) \
504: s0 = W256[(j+1)&0x0f]; \
505: s0 = sigma0_256(s0); \
506: s1 = W256[(j+14)&0x0f]; \
507: s1 = sigma1_256(s1); \
508: T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
509: (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
510: (d) += T1; \
511: (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
512: j++
513:
514: void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
515: isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
516: isc_uint32_t T1, *W256;
517: int j;
518:
519: W256 = (isc_uint32_t*)context->buffer;
520:
521: /* Initialize registers with the prev. intermediate value */
522: a = context->state[0];
523: b = context->state[1];
524: c = context->state[2];
525: d = context->state[3];
526: e = context->state[4];
527: f = context->state[5];
528: g = context->state[6];
529: h = context->state[7];
530:
531: j = 0;
532: do {
533: /* Rounds 0 to 15 (unrolled): */
534: ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
535: ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
536: ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
537: ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
538: ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
539: ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
540: ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
541: ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
542: } while (j < 16);
543:
544: /* Now for the remaining rounds to 64: */
545: do {
546: ROUND256(a,b,c,d,e,f,g,h);
547: ROUND256(h,a,b,c,d,e,f,g);
548: ROUND256(g,h,a,b,c,d,e,f);
549: ROUND256(f,g,h,a,b,c,d,e);
550: ROUND256(e,f,g,h,a,b,c,d);
551: ROUND256(d,e,f,g,h,a,b,c);
552: ROUND256(c,d,e,f,g,h,a,b);
553: ROUND256(b,c,d,e,f,g,h,a);
554: } while (j < 64);
555:
556: /* Compute the current intermediate hash value */
557: context->state[0] += a;
558: context->state[1] += b;
559: context->state[2] += c;
560: context->state[3] += d;
561: context->state[4] += e;
562: context->state[5] += f;
563: context->state[6] += g;
564: context->state[7] += h;
565:
566: /* Clean up */
567: a = b = c = d = e = f = g = h = T1 = 0;
568: }
569:
570: #else /* ISC_SHA2_UNROLL_TRANSFORM */
571:
572: void
573: isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
574: isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
575: isc_uint32_t T1, T2, *W256;
576: int j;
577:
578: W256 = (isc_uint32_t*)context->buffer;
579:
580: /* Initialize registers with the prev. intermediate value */
581: a = context->state[0];
582: b = context->state[1];
583: c = context->state[2];
584: d = context->state[3];
585: e = context->state[4];
586: f = context->state[5];
587: g = context->state[6];
588: h = context->state[7];
589:
590: j = 0;
591: do {
592: #if BYTE_ORDER == LITTLE_ENDIAN
593: /* Copy data while converting to host byte order */
594: REVERSE32(*data++,W256[j]);
595: /* Apply the SHA-256 compression function to update a..h */
596: T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
597: #else /* BYTE_ORDER == LITTLE_ENDIAN */
598: /* Apply the SHA-256 compression function to update a..h with copy */
599: T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
600: #endif /* BYTE_ORDER == LITTLE_ENDIAN */
601: T2 = Sigma0_256(a) + Maj(a, b, c);
602: h = g;
603: g = f;
604: f = e;
605: e = d + T1;
606: d = c;
607: c = b;
608: b = a;
609: a = T1 + T2;
610:
611: j++;
612: } while (j < 16);
613:
614: do {
615: /* Part of the message block expansion: */
616: s0 = W256[(j+1)&0x0f];
617: s0 = sigma0_256(s0);
618: s1 = W256[(j+14)&0x0f];
619: s1 = sigma1_256(s1);
620:
621: /* Apply the SHA-256 compression function to update a..h */
622: T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
623: (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
624: T2 = Sigma0_256(a) + Maj(a, b, c);
625: h = g;
626: g = f;
627: f = e;
628: e = d + T1;
629: d = c;
630: c = b;
631: b = a;
632: a = T1 + T2;
633:
634: j++;
635: } while (j < 64);
636:
637: /* Compute the current intermediate hash value */
638: context->state[0] += a;
639: context->state[1] += b;
640: context->state[2] += c;
641: context->state[3] += d;
642: context->state[4] += e;
643: context->state[5] += f;
644: context->state[6] += g;
645: context->state[7] += h;
646:
647: /* Clean up */
648: a = b = c = d = e = f = g = h = T1 = T2 = 0;
649: }
650:
651: #endif /* ISC_SHA2_UNROLL_TRANSFORM */
652:
653: void
654: isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
655: unsigned int freespace, usedspace;
656:
657: if (len == 0U) {
658: /* Calling with no data is valid - we do nothing */
659: return;
660: }
661:
662: /* Sanity check: */
663: REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
664:
665: usedspace = (unsigned int)((context->bitcount >> 3) %
666: ISC_SHA256_BLOCK_LENGTH);
667: if (usedspace > 0) {
668: /* Calculate how much free space is available in the buffer */
669: freespace = ISC_SHA256_BLOCK_LENGTH - usedspace;
670:
671: if (len >= freespace) {
672: /* Fill the buffer completely and process it */
673: memcpy(&context->buffer[usedspace], data, freespace);
674: context->bitcount += freespace << 3;
675: len -= freespace;
676: data += freespace;
677: isc_sha256_transform(context,
678: (isc_uint32_t*)context->buffer);
679: } else {
680: /* The buffer is not yet full */
681: memcpy(&context->buffer[usedspace], data, len);
682: context->bitcount += len << 3;
683: /* Clean up: */
684: usedspace = freespace = 0;
685: return;
686: }
687: }
688: while (len >= ISC_SHA256_BLOCK_LENGTH) {
689: /* Process as many complete blocks as we can */
690: memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH);
691: isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
692: context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3;
693: len -= ISC_SHA256_BLOCK_LENGTH;
694: data += ISC_SHA256_BLOCK_LENGTH;
695: }
696: if (len > 0U) {
697: /* There's left-overs, so save 'em */
698: memcpy(context->buffer, data, len);
699: context->bitcount += len << 3;
700: }
701: /* Clean up: */
702: usedspace = freespace = 0;
703: }
704:
705: void
706: isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
707: isc_uint32_t *d = (isc_uint32_t*)digest;
708: unsigned int usedspace;
709:
710: /* Sanity check: */
711: REQUIRE(context != (isc_sha256_t *)0);
712:
713: /* If no digest buffer is passed, we don't bother doing this: */
714: if (digest != (isc_uint8_t*)0) {
715: usedspace = (unsigned int)((context->bitcount >> 3) %
716: ISC_SHA256_BLOCK_LENGTH);
717: #if BYTE_ORDER == LITTLE_ENDIAN
718: /* Convert FROM host byte order */
719: REVERSE64(context->bitcount,context->bitcount);
720: #endif
721: if (usedspace > 0) {
722: /* Begin padding with a 1 bit: */
723: context->buffer[usedspace++] = 0x80;
724:
725: if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) {
726: /* Set-up for the last transform: */
727: memset(&context->buffer[usedspace], 0,
728: ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace);
729: } else {
730: if (usedspace < ISC_SHA256_BLOCK_LENGTH) {
731: memset(&context->buffer[usedspace], 0,
732: ISC_SHA256_BLOCK_LENGTH -
733: usedspace);
734: }
735: /* Do second-to-last transform: */
736: isc_sha256_transform(context,
737: (isc_uint32_t*)context->buffer);
738:
739: /* And set-up for the last transform: */
740: memset(context->buffer, 0,
741: ISC_SHA256_SHORT_BLOCK_LENGTH);
742: }
743: } else {
744: /* Set-up for the last transform: */
745: memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH);
746:
747: /* Begin padding with a 1 bit: */
748: *context->buffer = 0x80;
749: }
750: /* Set the bit count: */
751: *(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
752:
753: /* Final transform: */
754: isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
755:
756: #if BYTE_ORDER == LITTLE_ENDIAN
757: {
758: /* Convert TO host byte order */
759: int j;
760: for (j = 0; j < 8; j++) {
761: REVERSE32(context->state[j],context->state[j]);
762: *d++ = context->state[j];
763: }
764: }
765: #else
766: memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH);
767: #endif
768: }
769:
770: /* Clean up state data: */
771: memset(context, 0, sizeof(context));
772: usedspace = 0;
773: }
774:
775: char *
776: isc_sha256_end(isc_sha256_t *context, char buffer[]) {
777: isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest;
778: unsigned int i;
779:
780: /* Sanity check: */
781: REQUIRE(context != (isc_sha256_t *)0);
782:
783: if (buffer != (char*)0) {
784: isc_sha256_final(digest, context);
785:
786: for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
787: *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
788: *buffer++ = sha2_hex_digits[*d & 0x0f];
789: d++;
790: }
791: *buffer = (char)0;
792: } else {
793: memset(context, 0, sizeof(context));
794: }
795: memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
796: return buffer;
797: }
798:
799: char *
800: isc_sha256_data(const isc_uint8_t* data, size_t len,
801: char digest[ISC_SHA256_DIGESTSTRINGLENGTH])
802: {
803: isc_sha256_t context;
804:
805: isc_sha256_init(&context);
806: isc_sha256_update(&context, data, len);
807: return (isc_sha256_end(&context, digest));
808: }
809:
810:
811: /*** SHA-512: *********************************************************/
812: void
813: isc_sha512_init(isc_sha512_t *context) {
814: if (context == (isc_sha512_t *)0) {
815: return;
816: }
817: memcpy(context->state, sha512_initial_hash_value,
818: ISC_SHA512_DIGESTLENGTH);
819: memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH);
820: context->bitcount[0] = context->bitcount[1] = 0;
821: }
822:
823: #ifdef ISC_SHA2_UNROLL_TRANSFORM
824:
825: /* Unrolled SHA-512 round macros: */
826: #if BYTE_ORDER == LITTLE_ENDIAN
827:
828: #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
829: REVERSE64(*data++, W512[j]); \
830: T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
831: K512[j] + W512[j]; \
832: (d) += T1, \
833: (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
834: j++
835:
836:
837: #else /* BYTE_ORDER == LITTLE_ENDIAN */
838:
839: #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
840: T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
841: K512[j] + (W512[j] = *data++); \
842: (d) += T1; \
843: (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
844: j++
845:
846: #endif /* BYTE_ORDER == LITTLE_ENDIAN */
847:
848: #define ROUND512(a,b,c,d,e,f,g,h) \
849: s0 = W512[(j+1)&0x0f]; \
850: s0 = sigma0_512(s0); \
851: s1 = W512[(j+14)&0x0f]; \
852: s1 = sigma1_512(s1); \
853: T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
854: (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
855: (d) += T1; \
856: (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
857: j++
858:
859: void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
860: isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
861: isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer;
862: int j;
863:
864: /* Initialize registers with the prev. intermediate value */
865: a = context->state[0];
866: b = context->state[1];
867: c = context->state[2];
868: d = context->state[3];
869: e = context->state[4];
870: f = context->state[5];
871: g = context->state[6];
872: h = context->state[7];
873:
874: j = 0;
875: do {
876: ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
877: ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
878: ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
879: ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
880: ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
881: ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
882: ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
883: ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
884: } while (j < 16);
885:
886: /* Now for the remaining rounds up to 79: */
887: do {
888: ROUND512(a,b,c,d,e,f,g,h);
889: ROUND512(h,a,b,c,d,e,f,g);
890: ROUND512(g,h,a,b,c,d,e,f);
891: ROUND512(f,g,h,a,b,c,d,e);
892: ROUND512(e,f,g,h,a,b,c,d);
893: ROUND512(d,e,f,g,h,a,b,c);
894: ROUND512(c,d,e,f,g,h,a,b);
895: ROUND512(b,c,d,e,f,g,h,a);
896: } while (j < 80);
897:
898: /* Compute the current intermediate hash value */
899: context->state[0] += a;
900: context->state[1] += b;
901: context->state[2] += c;
902: context->state[3] += d;
903: context->state[4] += e;
904: context->state[5] += f;
905: context->state[6] += g;
906: context->state[7] += h;
907:
908: /* Clean up */
909: a = b = c = d = e = f = g = h = T1 = 0;
910: }
911:
912: #else /* ISC_SHA2_UNROLL_TRANSFORM */
913:
914: void
915: isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
916: isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
917: isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer;
918: int j;
919:
920: /* Initialize registers with the prev. intermediate value */
921: a = context->state[0];
922: b = context->state[1];
923: c = context->state[2];
924: d = context->state[3];
925: e = context->state[4];
926: f = context->state[5];
927: g = context->state[6];
928: h = context->state[7];
929:
930: j = 0;
931: do {
932: #if BYTE_ORDER == LITTLE_ENDIAN
933: /* Convert TO host byte order */
934: REVERSE64(*data++, W512[j]);
935: /* Apply the SHA-512 compression function to update a..h */
936: T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
937: #else /* BYTE_ORDER == LITTLE_ENDIAN */
938: /* Apply the SHA-512 compression function to update a..h with copy */
939: T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
940: #endif /* BYTE_ORDER == LITTLE_ENDIAN */
941: T2 = Sigma0_512(a) + Maj(a, b, c);
942: h = g;
943: g = f;
944: f = e;
945: e = d + T1;
946: d = c;
947: c = b;
948: b = a;
949: a = T1 + T2;
950:
951: j++;
952: } while (j < 16);
953:
954: do {
955: /* Part of the message block expansion: */
956: s0 = W512[(j+1)&0x0f];
957: s0 = sigma0_512(s0);
958: s1 = W512[(j+14)&0x0f];
959: s1 = sigma1_512(s1);
960:
961: /* Apply the SHA-512 compression function to update a..h */
962: T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
963: (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
964: T2 = Sigma0_512(a) + Maj(a, b, c);
965: h = g;
966: g = f;
967: f = e;
968: e = d + T1;
969: d = c;
970: c = b;
971: b = a;
972: a = T1 + T2;
973:
974: j++;
975: } while (j < 80);
976:
977: /* Compute the current intermediate hash value */
978: context->state[0] += a;
979: context->state[1] += b;
980: context->state[2] += c;
981: context->state[3] += d;
982: context->state[4] += e;
983: context->state[5] += f;
984: context->state[6] += g;
985: context->state[7] += h;
986:
987: /* Clean up */
988: a = b = c = d = e = f = g = h = T1 = T2 = 0;
989: }
990:
991: #endif /* ISC_SHA2_UNROLL_TRANSFORM */
992:
993: void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
994: unsigned int freespace, usedspace;
995:
996: if (len == 0U) {
997: /* Calling with no data is valid - we do nothing */
998: return;
999: }
1000:
1001: /* Sanity check: */
1002: REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
1003:
1004: usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1005: ISC_SHA512_BLOCK_LENGTH);
1006: if (usedspace > 0) {
1007: /* Calculate how much free space is available in the buffer */
1008: freespace = ISC_SHA512_BLOCK_LENGTH - usedspace;
1009:
1010: if (len >= freespace) {
1011: /* Fill the buffer completely and process it */
1012: memcpy(&context->buffer[usedspace], data, freespace);
1013: ADDINC128(context->bitcount, freespace << 3);
1014: len -= freespace;
1015: data += freespace;
1016: isc_sha512_transform(context,
1017: (isc_uint64_t*)context->buffer);
1018: } else {
1019: /* The buffer is not yet full */
1020: memcpy(&context->buffer[usedspace], data, len);
1021: ADDINC128(context->bitcount, len << 3);
1022: /* Clean up: */
1023: usedspace = freespace = 0;
1024: return;
1025: }
1026: }
1027: while (len >= ISC_SHA512_BLOCK_LENGTH) {
1028: /* Process as many complete blocks as we can */
1029: memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH);
1030: isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1031: ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3);
1032: len -= ISC_SHA512_BLOCK_LENGTH;
1033: data += ISC_SHA512_BLOCK_LENGTH;
1034: }
1035: if (len > 0U) {
1036: /* There's left-overs, so save 'em */
1037: memcpy(context->buffer, data, len);
1038: ADDINC128(context->bitcount, len << 3);
1039: }
1040: /* Clean up: */
1041: usedspace = freespace = 0;
1042: }
1043:
1044: void isc_sha512_last(isc_sha512_t *context) {
1045: unsigned int usedspace;
1046:
1047: usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1048: ISC_SHA512_BLOCK_LENGTH);
1049: #if BYTE_ORDER == LITTLE_ENDIAN
1050: /* Convert FROM host byte order */
1051: REVERSE64(context->bitcount[0],context->bitcount[0]);
1052: REVERSE64(context->bitcount[1],context->bitcount[1]);
1053: #endif
1054: if (usedspace > 0) {
1055: /* Begin padding with a 1 bit: */
1056: context->buffer[usedspace++] = 0x80;
1057:
1058: if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) {
1059: /* Set-up for the last transform: */
1060: memset(&context->buffer[usedspace], 0,
1061: ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace);
1062: } else {
1063: if (usedspace < ISC_SHA512_BLOCK_LENGTH) {
1064: memset(&context->buffer[usedspace], 0,
1065: ISC_SHA512_BLOCK_LENGTH - usedspace);
1066: }
1067: /* Do second-to-last transform: */
1068: isc_sha512_transform(context,
1069: (isc_uint64_t*)context->buffer);
1070:
1071: /* And set-up for the last transform: */
1072: memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2);
1073: }
1074: } else {
1075: /* Prepare for final transform: */
1076: memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH);
1077:
1078: /* Begin padding with a 1 bit: */
1079: *context->buffer = 0x80;
1080: }
1081: /* Store the length of input data (in bits): */
1082: *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
1083: *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
1084:
1085: /* Final transform: */
1086: isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1087: }
1088:
1089: void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
1090: isc_uint64_t *d = (isc_uint64_t*)digest;
1091:
1092: /* Sanity check: */
1093: REQUIRE(context != (isc_sha512_t *)0);
1094:
1095: /* If no digest buffer is passed, we don't bother doing this: */
1096: if (digest != (isc_uint8_t*)0) {
1097: isc_sha512_last(context);
1098:
1099: /* Save the hash data for output: */
1100: #if BYTE_ORDER == LITTLE_ENDIAN
1101: {
1102: /* Convert TO host byte order */
1103: int j;
1104: for (j = 0; j < 8; j++) {
1105: REVERSE64(context->state[j],context->state[j]);
1106: *d++ = context->state[j];
1107: }
1108: }
1109: #else
1110: memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH);
1111: #endif
1112: }
1113:
1114: /* Zero out state data */
1115: memset(context, 0, sizeof(context));
1116: }
1117:
1118: char *
1119: isc_sha512_end(isc_sha512_t *context, char buffer[]) {
1120: isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest;
1121: unsigned int i;
1122:
1123: /* Sanity check: */
1124: REQUIRE(context != (isc_sha512_t *)0);
1125:
1126: if (buffer != (char*)0) {
1127: isc_sha512_final(digest, context);
1128:
1129: for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
1130: *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1131: *buffer++ = sha2_hex_digits[*d & 0x0f];
1132: d++;
1133: }
1134: *buffer = (char)0;
1135: } else {
1136: memset(context, 0, sizeof(context));
1137: }
1138: memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
1139: return buffer;
1140: }
1141:
1142: char *
1143: isc_sha512_data(const isc_uint8_t *data, size_t len,
1144: char digest[ISC_SHA512_DIGESTSTRINGLENGTH])
1145: {
1146: isc_sha512_t context;
1147:
1148: isc_sha512_init(&context);
1149: isc_sha512_update(&context, data, len);
1150: return (isc_sha512_end(&context, digest));
1151: }
1152:
1153:
1154: /*** SHA-384: *********************************************************/
1155: void
1156: isc_sha384_init(isc_sha384_t *context) {
1157: if (context == (isc_sha384_t *)0) {
1158: return;
1159: }
1160: memcpy(context->state, sha384_initial_hash_value,
1161: ISC_SHA512_DIGESTLENGTH);
1162: memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH);
1163: context->bitcount[0] = context->bitcount[1] = 0;
1164: }
1165:
1166: void
1167: isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
1168: isc_sha512_update((isc_sha512_t *)context, data, len);
1169: }
1170:
1171: void
1172: isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
1173: isc_uint64_t *d = (isc_uint64_t*)digest;
1174:
1175: /* Sanity check: */
1176: REQUIRE(context != (isc_sha384_t *)0);
1177:
1178: /* If no digest buffer is passed, we don't bother doing this: */
1179: if (digest != (isc_uint8_t*)0) {
1180: isc_sha512_last((isc_sha512_t *)context);
1181:
1182: /* Save the hash data for output: */
1183: #if BYTE_ORDER == LITTLE_ENDIAN
1184: {
1185: /* Convert TO host byte order */
1186: int j;
1187: for (j = 0; j < 6; j++) {
1188: REVERSE64(context->state[j],context->state[j]);
1189: *d++ = context->state[j];
1190: }
1191: }
1192: #else
1193: memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH);
1194: #endif
1195: }
1196:
1197: /* Zero out state data */
1198: memset(context, 0, sizeof(context));
1199: }
1200:
1201: char *
1202: isc_sha384_end(isc_sha384_t *context, char buffer[]) {
1203: isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest;
1204: unsigned int i;
1205:
1206: /* Sanity check: */
1207: REQUIRE(context != (isc_sha384_t *)0);
1208:
1209: if (buffer != (char*)0) {
1210: isc_sha384_final(digest, context);
1211:
1212: for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) {
1213: *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1214: *buffer++ = sha2_hex_digits[*d & 0x0f];
1215: d++;
1216: }
1217: *buffer = (char)0;
1218: } else {
1219: memset(context, 0, sizeof(context));
1220: }
1221: memset(digest, 0, ISC_SHA384_DIGESTLENGTH);
1222: return buffer;
1223: }
1224:
1225: char*
1226: isc_sha384_data(const isc_uint8_t *data, size_t len,
1227: char digest[ISC_SHA384_DIGESTSTRINGLENGTH])
1228: {
1229: isc_sha384_t context;
1230:
1231: isc_sha384_init(&context);
1232: isc_sha384_update(&context, data, len);
1233: return (isc_sha384_end(&context, digest));
1234: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sha2.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / ntp / lib / isc