sha2.c revision 224092
1/* 2 * Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC") 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14 * PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17/* $Id: sha2.c,v 1.18 2009-10-22 02:21:31 each Exp $ */ 18 19/* $FreeBSD: head/contrib/bind9/lib/isc/sha2.c 224092 2011-07-16 11:12:09Z dougb $ */ 20/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ 21 22/* 23 * sha2.c 24 * 25 * Version 1.0.0beta1 26 * 27 * Written by Aaron D. Gifford <me@aarongifford.com> 28 * 29 * Copyright 2000 Aaron D. Gifford. All rights reserved. 30 * 31 * Redistribution and use in source and binary forms, with or without 32 * modification, are permitted provided that the following conditions 33 * are met: 34 * 1. Redistributions of source code must retain the above copyright 35 * notice, this list of conditions and the following disclaimer. 36 * 2. Redistributions in binary form must reproduce the above copyright 37 * notice, this list of conditions and the following disclaimer in the 38 * documentation and/or other materials provided with the distribution. 39 * 3. Neither the name of the copyright holder nor the names of contributors 40 * may be used to endorse or promote products derived from this software 41 * without specific prior written permission. 42 * 43 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND 44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE 47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 53 * SUCH DAMAGE. 54 * 55 */ 56 57 58#include <config.h> 59 60#include <isc/assertions.h> 61#include <isc/platform.h> 62#include <isc/sha2.h> 63#include <isc/string.h> 64#include <isc/util.h> 65 66#ifdef ISC_PLATFORM_OPENSSLHASH 67 68void 69isc_sha224_init(isc_sha224_t *context) { 70 if (context == (isc_sha224_t *)0) { 71 return; 72 } 73 EVP_DigestInit(context, EVP_sha224()); 74} 75 76void 77isc_sha224_invalidate(isc_sha224_t *context) { 78 EVP_MD_CTX_cleanup(context); 79} 80 81void 82isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { 83 if (len == 0U) { 84 /* Calling with no data is valid - we do nothing */ 85 return; 86 } 87 88 /* Sanity check: */ 89 REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0); 90 91 EVP_DigestUpdate(context, (const void *) data, len); 92} 93 94void 95isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { 96 /* Sanity check: */ 97 REQUIRE(context != (isc_sha224_t *)0); 98 99 /* If no digest buffer is passed, we don't bother doing this: */ 100 if (digest != (isc_uint8_t*)0) { 101 EVP_DigestFinal(context, digest, NULL); 102 } else { 103 EVP_MD_CTX_cleanup(context); 104 } 105} 106 107void 108isc_sha256_init(isc_sha256_t *context) { 109 if (context == (isc_sha256_t *)0) { 110 return; 111 } 112 EVP_DigestInit(context, EVP_sha256()); 113} 114 115void 116isc_sha256_invalidate(isc_sha256_t *context) { 117 EVP_MD_CTX_cleanup(context); 118} 119 120void 121isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { 122 if (len == 0U) { 123 /* Calling with no data is valid - we do nothing */ 124 return; 125 } 126 127 /* Sanity check: */ 128 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0); 129 130 EVP_DigestUpdate(context, (const void *) data, len); 131} 132 133void 134isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { 135 /* Sanity check: */ 136 REQUIRE(context != (isc_sha256_t *)0); 137 138 /* If no digest buffer is passed, we don't bother doing this: */ 139 if (digest != (isc_uint8_t*)0) { 140 EVP_DigestFinal(context, digest, NULL); 141 } else { 142 EVP_MD_CTX_cleanup(context); 143 } 144} 145 146void 147isc_sha512_init(isc_sha512_t *context) { 148 if (context == (isc_sha512_t *)0) { 149 return; 150 } 151 EVP_DigestInit(context, EVP_sha512()); 152} 153 154void 155isc_sha512_invalidate(isc_sha512_t *context) { 156 EVP_MD_CTX_cleanup(context); 157} 158 159void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) { 160 if (len == 0U) { 161 /* Calling with no data is valid - we do nothing */ 162 return; 163 } 164 165 /* Sanity check: */ 166 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); 167 168 EVP_DigestUpdate(context, (const void *) data, len); 169} 170 171void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { 172 /* Sanity check: */ 173 REQUIRE(context != (isc_sha512_t *)0); 174 175 /* If no digest buffer is passed, we don't bother doing this: */ 176 if (digest != (isc_uint8_t*)0) { 177 EVP_DigestFinal(context, digest, NULL); 178 } else { 179 EVP_MD_CTX_cleanup(context); 180 } 181} 182 183void 184isc_sha384_init(isc_sha384_t *context) { 185 if (context == (isc_sha384_t *)0) { 186 return; 187 } 188 EVP_DigestInit(context, EVP_sha384()); 189} 190 191void 192isc_sha384_invalidate(isc_sha384_t *context) { 193 EVP_MD_CTX_cleanup(context); 194} 195 196void 197isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) { 198 if (len == 0U) { 199 /* Calling with no data is valid - we do nothing */ 200 return; 201 } 202 203 /* Sanity check: */ 204 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); 205 206 EVP_DigestUpdate(context, (const void *) data, len); 207} 208 209void 210isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { 211 /* Sanity check: */ 212 REQUIRE(context != (isc_sha384_t *)0); 213 214 /* If no digest buffer is passed, we don't bother doing this: */ 215 if (digest != (isc_uint8_t*)0) { 216 EVP_DigestFinal(context, digest, NULL); 217 } else { 218 EVP_MD_CTX_cleanup(context); 219 } 220} 221 222#else 223 224/* 225 * UNROLLED TRANSFORM LOOP NOTE: 226 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform 227 * loop version for the hash transform rounds (defined using macros 228 * later in this file). Either define on the command line, for example: 229 * 230 * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c 231 * 232 * or define below: 233 * 234 * \#define ISC_SHA2_UNROLL_TRANSFORM 235 * 236 */ 237 238/*** SHA-256/384/512 Machine Architecture Definitions *****************/ 239/* 240 * BYTE_ORDER NOTE: 241 * 242 * Please make sure that your system defines BYTE_ORDER. If your 243 * architecture is little-endian, make sure it also defines 244 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are 245 * equivalent. 246 * 247 * If your system does not define the above, then you can do so by 248 * hand like this: 249 * 250 * \#define LITTLE_ENDIAN 1234 251 * \#define BIG_ENDIAN 4321 252 * 253 * And for little-endian machines, add: 254 * 255 * \#define BYTE_ORDER LITTLE_ENDIAN 256 * 257 * Or for big-endian machines: 258 * 259 * \#define BYTE_ORDER BIG_ENDIAN 260 * 261 * The FreeBSD machine this was written on defines BYTE_ORDER 262 * appropriately by including <sys/types.h> (which in turn includes 263 * <machine/endian.h> where the appropriate definitions are actually 264 * made). 265 */ 266#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 267#ifndef BYTE_ORDER 268#ifndef BIG_ENDIAN 269#define BIG_ENDIAN 4321 270#endif 271#ifndef LITTLE_ENDIAN 272#define LITTLE_ENDIAN 1234 273#endif 274#ifdef WORDS_BIGENDIAN 275#define BYTE_ORDER BIG_ENDIAN 276#else 277#define BYTE_ORDER LITTLE_ENDIAN 278#endif 279#else 280#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 281#endif 282#endif 283 284/*** SHA-256/384/512 Various Length Definitions ***********************/ 285/* NOTE: Most of these are in sha2.h */ 286#define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8) 287#define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16) 288#define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16) 289 290 291/*** ENDIAN REVERSAL MACROS *******************************************/ 292#if BYTE_ORDER == LITTLE_ENDIAN 293#define REVERSE32(w,x) { \ 294 isc_uint32_t tmp = (w); \ 295 tmp = (tmp >> 16) | (tmp << 16); \ 296 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ 297} 298#ifdef WIN32 299#define REVERSE64(w,x) { \ 300 isc_uint64_t tmp = (w); \ 301 tmp = (tmp >> 32) | (tmp << 32); \ 302 tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \ 303 ((tmp & 0x00ff00ff00ff00ffUL) << 8); \ 304 (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \ 305 ((tmp & 0x0000ffff0000ffffUL) << 16); \ 306} 307#else 308#define REVERSE64(w,x) { \ 309 isc_uint64_t tmp = (w); \ 310 tmp = (tmp >> 32) | (tmp << 32); \ 311 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ 312 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ 313 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ 314 ((tmp & 0x0000ffff0000ffffULL) << 16); \ 315} 316#endif 317#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 318 319/* 320 * Macro for incrementally adding the unsigned 64-bit integer n to the 321 * unsigned 128-bit integer (represented using a two-element array of 322 * 64-bit words): 323 */ 324#define ADDINC128(w,n) { \ 325 (w)[0] += (isc_uint64_t)(n); \ 326 if ((w)[0] < (n)) { \ 327 (w)[1]++; \ 328 } \ 329} 330 331/*** THE SIX LOGICAL FUNCTIONS ****************************************/ 332/* 333 * Bit shifting and rotation (used by the six SHA-XYZ logical functions: 334 * 335 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and 336 * S is a ROTATION) because the SHA-256/384/512 description document 337 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this 338 * same "backwards" definition. 339 */ 340/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ 341#define R(b,x) ((x) >> (b)) 342/* 32-bit Rotate-right (used in SHA-256): */ 343#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) 344/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ 345#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) 346 347/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ 348#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 349#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 350 351/* Four of six logical functions used in SHA-256: */ 352#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) 353#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) 354#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) 355#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) 356 357/* Four of six logical functions used in SHA-384 and SHA-512: */ 358#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) 359#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) 360#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) 361#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) 362 363/*** INTERNAL FUNCTION PROTOTYPES *************************************/ 364/* NOTE: These should not be accessed directly from outside this 365 * library -- they are intended for private internal visibility/use 366 * only. 367 */ 368void isc_sha512_last(isc_sha512_t *); 369void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*); 370void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*); 371 372 373/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ 374/* Hash constant words K for SHA-224 and SHA-256: */ 375static const isc_uint32_t K256[64] = { 376 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 377 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 378 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 379 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 380 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 381 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 382 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 383 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 384 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 385 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 386 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 387 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 388 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 389 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 390 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 391 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 392}; 393 394/* Initial hash value H for SHA-224: */ 395static const isc_uint32_t sha224_initial_hash_value[8] = { 396 0xc1059ed8UL, 397 0x367cd507UL, 398 0x3070dd17UL, 399 0xf70e5939UL, 400 0xffc00b31UL, 401 0x68581511UL, 402 0x64f98fa7UL, 403 0xbefa4fa4UL 404}; 405 406/* Initial hash value H for SHA-256: */ 407static const isc_uint32_t sha256_initial_hash_value[8] = { 408 0x6a09e667UL, 409 0xbb67ae85UL, 410 0x3c6ef372UL, 411 0xa54ff53aUL, 412 0x510e527fUL, 413 0x9b05688cUL, 414 0x1f83d9abUL, 415 0x5be0cd19UL 416}; 417 418#ifdef WIN32 419/* Hash constant words K for SHA-384 and SHA-512: */ 420static const isc_uint64_t K512[80] = { 421 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 422 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, 423 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, 424 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL, 425 0xd807aa98a3030242UL, 0x12835b0145706fbeUL, 426 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL, 427 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL, 428 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL, 429 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL, 430 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL, 431 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL, 432 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL, 433 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL, 434 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL, 435 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL, 436 0x06ca6351e003826fUL, 0x142929670a0e6e70UL, 437 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL, 438 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL, 439 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL, 440 0x81c2c92e47edaee6UL, 0x92722c851482353bUL, 441 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL, 442 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL, 443 0xd192e819d6ef5218UL, 0xd69906245565a910UL, 444 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL, 445 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL, 446 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL, 447 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL, 448 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL, 449 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL, 450 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL, 451 0x90befffa23631e28UL, 0xa4506cebde82bde9UL, 452 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL, 453 0xca273eceea26619cUL, 0xd186b8c721c0c207UL, 454 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL, 455 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL, 456 0x113f9804bef90daeUL, 0x1b710b35131c471bUL, 457 0x28db77f523047d84UL, 0x32caab7b40c72493UL, 458 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL, 459 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL, 460 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL 461}; 462 463/* Initial hash value H for SHA-384: */ 464static const isc_uint64_t sha384_initial_hash_value[8] = { 465 0xcbbb9d5dc1059ed8UL, 466 0x629a292a367cd507UL, 467 0x9159015a3070dd17UL, 468 0x152fecd8f70e5939UL, 469 0x67332667ffc00b31UL, 470 0x8eb44a8768581511UL, 471 0xdb0c2e0d64f98fa7UL, 472 0x47b5481dbefa4fa4UL 473}; 474 475/* Initial hash value H for SHA-512: */ 476static const isc_uint64_t sha512_initial_hash_value[8] = { 477 0x6a09e667f3bcc908U, 478 0xbb67ae8584caa73bUL, 479 0x3c6ef372fe94f82bUL, 480 0xa54ff53a5f1d36f1UL, 481 0x510e527fade682d1UL, 482 0x9b05688c2b3e6c1fUL, 483 0x1f83d9abfb41bd6bUL, 484 0x5be0cd19137e2179UL 485}; 486#else 487/* Hash constant words K for SHA-384 and SHA-512: */ 488static const isc_uint64_t K512[80] = { 489 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 490 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 491 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 492 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 493 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 494 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 495 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 496 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 497 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 498 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 499 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 500 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 501 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 502 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 503 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 504 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 505 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 506 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 507 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 508 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 509 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 510 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 511 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 512 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 513 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 514 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 515 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 516 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 517 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 518 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 519 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 520 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 521 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 522 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 523 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 524 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 525 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 526 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 527 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 528 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL 529}; 530 531/* Initial hash value H for SHA-384: */ 532static const isc_uint64_t sha384_initial_hash_value[8] = { 533 0xcbbb9d5dc1059ed8ULL, 534 0x629a292a367cd507ULL, 535 0x9159015a3070dd17ULL, 536 0x152fecd8f70e5939ULL, 537 0x67332667ffc00b31ULL, 538 0x8eb44a8768581511ULL, 539 0xdb0c2e0d64f98fa7ULL, 540 0x47b5481dbefa4fa4ULL 541}; 542 543/* Initial hash value H for SHA-512: */ 544static const isc_uint64_t sha512_initial_hash_value[8] = { 545 0x6a09e667f3bcc908ULL, 546 0xbb67ae8584caa73bULL, 547 0x3c6ef372fe94f82bULL, 548 0xa54ff53a5f1d36f1ULL, 549 0x510e527fade682d1ULL, 550 0x9b05688c2b3e6c1fULL, 551 0x1f83d9abfb41bd6bULL, 552 0x5be0cd19137e2179ULL 553}; 554#endif 555 556 557/*** SHA-224: *********************************************************/ 558void 559isc_sha224_init(isc_sha224_t *context) { 560 if (context == (isc_sha256_t *)0) { 561 return; 562 } 563 memcpy(context->state, sha224_initial_hash_value, 564 ISC_SHA256_DIGESTLENGTH); 565 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); 566 context->bitcount = 0; 567} 568 569void 570isc_sha224_invalidate(isc_sha224_t *context) { 571 memset(context, 0, sizeof(isc_sha224_t)); 572} 573 574void 575isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { 576 isc_sha256_update((isc_sha256_t *)context, data, len); 577} 578 579void 580isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { 581 isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH]; 582 isc_sha256_final(sha256_digest, (isc_sha256_t *)context); 583 memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH); 584 memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH); 585} 586 587/*** SHA-256: *********************************************************/ 588void 589isc_sha256_init(isc_sha256_t *context) { 590 if (context == (isc_sha256_t *)0) { 591 return; 592 } 593 memcpy(context->state, sha256_initial_hash_value, 594 ISC_SHA256_DIGESTLENGTH); 595 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); 596 context->bitcount = 0; 597} 598 599void 600isc_sha256_invalidate(isc_sha256_t *context) { 601 memset(context, 0, sizeof(isc_sha256_t)); 602} 603 604#ifdef ISC_SHA2_UNROLL_TRANSFORM 605 606/* Unrolled SHA-256 round macros: */ 607 608#if BYTE_ORDER == LITTLE_ENDIAN 609 610#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 611 REVERSE32(*data++, W256[j]); \ 612 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 613 K256[j] + W256[j]; \ 614 (d) += T1; \ 615 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 616 j++ 617 618 619#else /* BYTE_ORDER == LITTLE_ENDIAN */ 620 621#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 622 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 623 K256[j] + (W256[j] = *data++); \ 624 (d) += T1; \ 625 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 626 j++ 627 628#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 629 630#define ROUND256(a,b,c,d,e,f,g,h) \ 631 s0 = W256[(j+1)&0x0f]; \ 632 s0 = sigma0_256(s0); \ 633 s1 = W256[(j+14)&0x0f]; \ 634 s1 = sigma1_256(s1); \ 635 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ 636 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ 637 (d) += T1; \ 638 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 639 j++ 640 641void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { 642 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; 643 isc_uint32_t T1, *W256; 644 int j; 645 646 W256 = (isc_uint32_t*)context->buffer; 647 648 /* Initialize registers with the prev. intermediate value */ 649 a = context->state[0]; 650 b = context->state[1]; 651 c = context->state[2]; 652 d = context->state[3]; 653 e = context->state[4]; 654 f = context->state[5]; 655 g = context->state[6]; 656 h = context->state[7]; 657 658 j = 0; 659 do { 660 /* Rounds 0 to 15 (unrolled): */ 661 ROUND256_0_TO_15(a,b,c,d,e,f,g,h); 662 ROUND256_0_TO_15(h,a,b,c,d,e,f,g); 663 ROUND256_0_TO_15(g,h,a,b,c,d,e,f); 664 ROUND256_0_TO_15(f,g,h,a,b,c,d,e); 665 ROUND256_0_TO_15(e,f,g,h,a,b,c,d); 666 ROUND256_0_TO_15(d,e,f,g,h,a,b,c); 667 ROUND256_0_TO_15(c,d,e,f,g,h,a,b); 668 ROUND256_0_TO_15(b,c,d,e,f,g,h,a); 669 } while (j < 16); 670 671 /* Now for the remaining rounds to 64: */ 672 do { 673 ROUND256(a,b,c,d,e,f,g,h); 674 ROUND256(h,a,b,c,d,e,f,g); 675 ROUND256(g,h,a,b,c,d,e,f); 676 ROUND256(f,g,h,a,b,c,d,e); 677 ROUND256(e,f,g,h,a,b,c,d); 678 ROUND256(d,e,f,g,h,a,b,c); 679 ROUND256(c,d,e,f,g,h,a,b); 680 ROUND256(b,c,d,e,f,g,h,a); 681 } while (j < 64); 682 683 /* Compute the current intermediate hash value */ 684 context->state[0] += a; 685 context->state[1] += b; 686 context->state[2] += c; 687 context->state[3] += d; 688 context->state[4] += e; 689 context->state[5] += f; 690 context->state[6] += g; 691 context->state[7] += h; 692 693 /* Clean up */ 694 a = b = c = d = e = f = g = h = T1 = 0; 695} 696 697#else /* ISC_SHA2_UNROLL_TRANSFORM */ 698 699void 700isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { 701 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; 702 isc_uint32_t T1, T2, *W256; 703 int j; 704 705 W256 = (isc_uint32_t*)context->buffer; 706 707 /* Initialize registers with the prev. intermediate value */ 708 a = context->state[0]; 709 b = context->state[1]; 710 c = context->state[2]; 711 d = context->state[3]; 712 e = context->state[4]; 713 f = context->state[5]; 714 g = context->state[6]; 715 h = context->state[7]; 716 717 j = 0; 718 do { 719#if BYTE_ORDER == LITTLE_ENDIAN 720 /* Copy data while converting to host byte order */ 721 REVERSE32(*data++,W256[j]); 722 /* Apply the SHA-256 compression function to update a..h */ 723 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; 724#else /* BYTE_ORDER == LITTLE_ENDIAN */ 725 /* Apply the SHA-256 compression function to update a..h with copy */ 726 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); 727#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 728 T2 = Sigma0_256(a) + Maj(a, b, c); 729 h = g; 730 g = f; 731 f = e; 732 e = d + T1; 733 d = c; 734 c = b; 735 b = a; 736 a = T1 + T2; 737 738 j++; 739 } while (j < 16); 740 741 do { 742 /* Part of the message block expansion: */ 743 s0 = W256[(j+1)&0x0f]; 744 s0 = sigma0_256(s0); 745 s1 = W256[(j+14)&0x0f]; 746 s1 = sigma1_256(s1); 747 748 /* Apply the SHA-256 compression function to update a..h */ 749 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 750 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); 751 T2 = Sigma0_256(a) + Maj(a, b, c); 752 h = g; 753 g = f; 754 f = e; 755 e = d + T1; 756 d = c; 757 c = b; 758 b = a; 759 a = T1 + T2; 760 761 j++; 762 } while (j < 64); 763 764 /* Compute the current intermediate hash value */ 765 context->state[0] += a; 766 context->state[1] += b; 767 context->state[2] += c; 768 context->state[3] += d; 769 context->state[4] += e; 770 context->state[5] += f; 771 context->state[6] += g; 772 context->state[7] += h; 773 774 /* Clean up */ 775 a = b = c = d = e = f = g = h = T1 = T2 = 0; 776} 777 778#endif /* ISC_SHA2_UNROLL_TRANSFORM */ 779 780void 781isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { 782 unsigned int freespace, usedspace; 783 784 if (len == 0U) { 785 /* Calling with no data is valid - we do nothing */ 786 return; 787 } 788 789 /* Sanity check: */ 790 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0); 791 792 usedspace = (unsigned int)((context->bitcount >> 3) % 793 ISC_SHA256_BLOCK_LENGTH); 794 if (usedspace > 0) { 795 /* Calculate how much free space is available in the buffer */ 796 freespace = ISC_SHA256_BLOCK_LENGTH - usedspace; 797 798 if (len >= freespace) { 799 /* Fill the buffer completely and process it */ 800 memcpy(&context->buffer[usedspace], data, freespace); 801 context->bitcount += freespace << 3; 802 len -= freespace; 803 data += freespace; 804 isc_sha256_transform(context, 805 (isc_uint32_t*)context->buffer); 806 } else { 807 /* The buffer is not yet full */ 808 memcpy(&context->buffer[usedspace], data, len); 809 context->bitcount += len << 3; 810 /* Clean up: */ 811 usedspace = freespace = 0; 812 return; 813 } 814 } 815 while (len >= ISC_SHA256_BLOCK_LENGTH) { 816 /* Process as many complete blocks as we can */ 817 memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH); 818 isc_sha256_transform(context, (isc_uint32_t*)context->buffer); 819 context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3; 820 len -= ISC_SHA256_BLOCK_LENGTH; 821 data += ISC_SHA256_BLOCK_LENGTH; 822 } 823 if (len > 0U) { 824 /* There's left-overs, so save 'em */ 825 memcpy(context->buffer, data, len); 826 context->bitcount += len << 3; 827 } 828 /* Clean up: */ 829 usedspace = freespace = 0; 830} 831 832void 833isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { 834 isc_uint32_t *d = (isc_uint32_t*)digest; 835 unsigned int usedspace; 836 837 /* Sanity check: */ 838 REQUIRE(context != (isc_sha256_t *)0); 839 840 /* If no digest buffer is passed, we don't bother doing this: */ 841 if (digest != (isc_uint8_t*)0) { 842 usedspace = (unsigned int)((context->bitcount >> 3) % 843 ISC_SHA256_BLOCK_LENGTH); 844#if BYTE_ORDER == LITTLE_ENDIAN 845 /* Convert FROM host byte order */ 846 REVERSE64(context->bitcount,context->bitcount); 847#endif 848 if (usedspace > 0) { 849 /* Begin padding with a 1 bit: */ 850 context->buffer[usedspace++] = 0x80; 851 852 if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) { 853 /* Set-up for the last transform: */ 854 memset(&context->buffer[usedspace], 0, 855 ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace); 856 } else { 857 if (usedspace < ISC_SHA256_BLOCK_LENGTH) { 858 memset(&context->buffer[usedspace], 0, 859 ISC_SHA256_BLOCK_LENGTH - 860 usedspace); 861 } 862 /* Do second-to-last transform: */ 863 isc_sha256_transform(context, 864 (isc_uint32_t*)context->buffer); 865 866 /* And set-up for the last transform: */ 867 memset(context->buffer, 0, 868 ISC_SHA256_SHORT_BLOCK_LENGTH); 869 } 870 } else { 871 /* Set-up for the last transform: */ 872 memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH); 873 874 /* Begin padding with a 1 bit: */ 875 *context->buffer = 0x80; 876 } 877 /* Set the bit count: */ 878 *(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount; 879 880 /* Final transform: */ 881 isc_sha256_transform(context, (isc_uint32_t*)context->buffer); 882 883#if BYTE_ORDER == LITTLE_ENDIAN 884 { 885 /* Convert TO host byte order */ 886 int j; 887 for (j = 0; j < 8; j++) { 888 REVERSE32(context->state[j],context->state[j]); 889 *d++ = context->state[j]; 890 } 891 } 892#else 893 memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH); 894#endif 895 } 896 897 /* Clean up state data: */ 898 memset(context, 0, sizeof(context)); 899 usedspace = 0; 900} 901 902/*** SHA-512: *********************************************************/ 903void 904isc_sha512_init(isc_sha512_t *context) { 905 if (context == (isc_sha512_t *)0) { 906 return; 907 } 908 memcpy(context->state, sha512_initial_hash_value, 909 ISC_SHA512_DIGESTLENGTH); 910 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH); 911 context->bitcount[0] = context->bitcount[1] = 0; 912} 913 914void 915isc_sha512_invalidate(isc_sha512_t *context) { 916 memset(context, 0, sizeof(isc_sha512_t)); 917} 918 919#ifdef ISC_SHA2_UNROLL_TRANSFORM 920 921/* Unrolled SHA-512 round macros: */ 922#if BYTE_ORDER == LITTLE_ENDIAN 923 924#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 925 REVERSE64(*data++, W512[j]); \ 926 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 927 K512[j] + W512[j]; \ 928 (d) += T1, \ 929 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ 930 j++ 931 932 933#else /* BYTE_ORDER == LITTLE_ENDIAN */ 934 935#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 936 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 937 K512[j] + (W512[j] = *data++); \ 938 (d) += T1; \ 939 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 940 j++ 941 942#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 943 944#define ROUND512(a,b,c,d,e,f,g,h) \ 945 s0 = W512[(j+1)&0x0f]; \ 946 s0 = sigma0_512(s0); \ 947 s1 = W512[(j+14)&0x0f]; \ 948 s1 = sigma1_512(s1); \ 949 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ 950 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ 951 (d) += T1; \ 952 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 953 j++ 954 955void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { 956 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; 957 isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer; 958 int j; 959 960 /* Initialize registers with the prev. intermediate value */ 961 a = context->state[0]; 962 b = context->state[1]; 963 c = context->state[2]; 964 d = context->state[3]; 965 e = context->state[4]; 966 f = context->state[5]; 967 g = context->state[6]; 968 h = context->state[7]; 969 970 j = 0; 971 do { 972 ROUND512_0_TO_15(a,b,c,d,e,f,g,h); 973 ROUND512_0_TO_15(h,a,b,c,d,e,f,g); 974 ROUND512_0_TO_15(g,h,a,b,c,d,e,f); 975 ROUND512_0_TO_15(f,g,h,a,b,c,d,e); 976 ROUND512_0_TO_15(e,f,g,h,a,b,c,d); 977 ROUND512_0_TO_15(d,e,f,g,h,a,b,c); 978 ROUND512_0_TO_15(c,d,e,f,g,h,a,b); 979 ROUND512_0_TO_15(b,c,d,e,f,g,h,a); 980 } while (j < 16); 981 982 /* Now for the remaining rounds up to 79: */ 983 do { 984 ROUND512(a,b,c,d,e,f,g,h); 985 ROUND512(h,a,b,c,d,e,f,g); 986 ROUND512(g,h,a,b,c,d,e,f); 987 ROUND512(f,g,h,a,b,c,d,e); 988 ROUND512(e,f,g,h,a,b,c,d); 989 ROUND512(d,e,f,g,h,a,b,c); 990 ROUND512(c,d,e,f,g,h,a,b); 991 ROUND512(b,c,d,e,f,g,h,a); 992 } while (j < 80); 993 994 /* Compute the current intermediate hash value */ 995 context->state[0] += a; 996 context->state[1] += b; 997 context->state[2] += c; 998 context->state[3] += d; 999 context->state[4] += e; 1000 context->state[5] += f; 1001 context->state[6] += g; 1002 context->state[7] += h; 1003 1004 /* Clean up */ 1005 a = b = c = d = e = f = g = h = T1 = 0; 1006} 1007 1008#else /* ISC_SHA2_UNROLL_TRANSFORM */ 1009 1010void 1011isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { 1012 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; 1013 isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer; 1014 int j; 1015 1016 /* Initialize registers with the prev. intermediate value */ 1017 a = context->state[0]; 1018 b = context->state[1]; 1019 c = context->state[2]; 1020 d = context->state[3]; 1021 e = context->state[4]; 1022 f = context->state[5]; 1023 g = context->state[6]; 1024 h = context->state[7]; 1025 1026 j = 0; 1027 do { 1028#if BYTE_ORDER == LITTLE_ENDIAN 1029 /* Convert TO host byte order */ 1030 REVERSE64(*data++, W512[j]); 1031 /* Apply the SHA-512 compression function to update a..h */ 1032 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; 1033#else /* BYTE_ORDER == LITTLE_ENDIAN */ 1034 /* Apply the SHA-512 compression function to update a..h with copy */ 1035 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); 1036#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 1037 T2 = Sigma0_512(a) + Maj(a, b, c); 1038 h = g; 1039 g = f; 1040 f = e; 1041 e = d + T1; 1042 d = c; 1043 c = b; 1044 b = a; 1045 a = T1 + T2; 1046 1047 j++; 1048 } while (j < 16); 1049 1050 do { 1051 /* Part of the message block expansion: */ 1052 s0 = W512[(j+1)&0x0f]; 1053 s0 = sigma0_512(s0); 1054 s1 = W512[(j+14)&0x0f]; 1055 s1 = sigma1_512(s1); 1056 1057 /* Apply the SHA-512 compression function to update a..h */ 1058 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + 1059 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); 1060 T2 = Sigma0_512(a) + Maj(a, b, c); 1061 h = g; 1062 g = f; 1063 f = e; 1064 e = d + T1; 1065 d = c; 1066 c = b; 1067 b = a; 1068 a = T1 + T2; 1069 1070 j++; 1071 } while (j < 80); 1072 1073 /* Compute the current intermediate hash value */ 1074 context->state[0] += a; 1075 context->state[1] += b; 1076 context->state[2] += c; 1077 context->state[3] += d; 1078 context->state[4] += e; 1079 context->state[5] += f; 1080 context->state[6] += g; 1081 context->state[7] += h; 1082 1083 /* Clean up */ 1084 a = b = c = d = e = f = g = h = T1 = T2 = 0; 1085} 1086 1087#endif /* ISC_SHA2_UNROLL_TRANSFORM */ 1088 1089void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) { 1090 unsigned int freespace, usedspace; 1091 1092 if (len == 0U) { 1093 /* Calling with no data is valid - we do nothing */ 1094 return; 1095 } 1096 1097 /* Sanity check: */ 1098 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); 1099 1100 usedspace = (unsigned int)((context->bitcount[0] >> 3) % 1101 ISC_SHA512_BLOCK_LENGTH); 1102 if (usedspace > 0) { 1103 /* Calculate how much free space is available in the buffer */ 1104 freespace = ISC_SHA512_BLOCK_LENGTH - usedspace; 1105 1106 if (len >= freespace) { 1107 /* Fill the buffer completely and process it */ 1108 memcpy(&context->buffer[usedspace], data, freespace); 1109 ADDINC128(context->bitcount, freespace << 3); 1110 len -= freespace; 1111 data += freespace; 1112 isc_sha512_transform(context, 1113 (isc_uint64_t*)context->buffer); 1114 } else { 1115 /* The buffer is not yet full */ 1116 memcpy(&context->buffer[usedspace], data, len); 1117 ADDINC128(context->bitcount, len << 3); 1118 /* Clean up: */ 1119 usedspace = freespace = 0; 1120 return; 1121 } 1122 } 1123 while (len >= ISC_SHA512_BLOCK_LENGTH) { 1124 /* Process as many complete blocks as we can */ 1125 memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH); 1126 isc_sha512_transform(context, (isc_uint64_t*)context->buffer); 1127 ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3); 1128 len -= ISC_SHA512_BLOCK_LENGTH; 1129 data += ISC_SHA512_BLOCK_LENGTH; 1130 } 1131 if (len > 0U) { 1132 /* There's left-overs, so save 'em */ 1133 memcpy(context->buffer, data, len); 1134 ADDINC128(context->bitcount, len << 3); 1135 } 1136 /* Clean up: */ 1137 usedspace = freespace = 0; 1138} 1139 1140void isc_sha512_last(isc_sha512_t *context) { 1141 unsigned int usedspace; 1142 1143 usedspace = (unsigned int)((context->bitcount[0] >> 3) % 1144 ISC_SHA512_BLOCK_LENGTH); 1145#if BYTE_ORDER == LITTLE_ENDIAN 1146 /* Convert FROM host byte order */ 1147 REVERSE64(context->bitcount[0],context->bitcount[0]); 1148 REVERSE64(context->bitcount[1],context->bitcount[1]); 1149#endif 1150 if (usedspace > 0) { 1151 /* Begin padding with a 1 bit: */ 1152 context->buffer[usedspace++] = 0x80; 1153 1154 if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) { 1155 /* Set-up for the last transform: */ 1156 memset(&context->buffer[usedspace], 0, 1157 ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace); 1158 } else { 1159 if (usedspace < ISC_SHA512_BLOCK_LENGTH) { 1160 memset(&context->buffer[usedspace], 0, 1161 ISC_SHA512_BLOCK_LENGTH - usedspace); 1162 } 1163 /* Do second-to-last transform: */ 1164 isc_sha512_transform(context, 1165 (isc_uint64_t*)context->buffer); 1166 1167 /* And set-up for the last transform: */ 1168 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2); 1169 } 1170 } else { 1171 /* Prepare for final transform: */ 1172 memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH); 1173 1174 /* Begin padding with a 1 bit: */ 1175 *context->buffer = 0x80; 1176 } 1177 /* Store the length of input data (in bits): */ 1178 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; 1179 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; 1180 1181 /* Final transform: */ 1182 isc_sha512_transform(context, (isc_uint64_t*)context->buffer); 1183} 1184 1185void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { 1186 isc_uint64_t *d = (isc_uint64_t*)digest; 1187 1188 /* Sanity check: */ 1189 REQUIRE(context != (isc_sha512_t *)0); 1190 1191 /* If no digest buffer is passed, we don't bother doing this: */ 1192 if (digest != (isc_uint8_t*)0) { 1193 isc_sha512_last(context); 1194 1195 /* Save the hash data for output: */ 1196#if BYTE_ORDER == LITTLE_ENDIAN 1197 { 1198 /* Convert TO host byte order */ 1199 int j; 1200 for (j = 0; j < 8; j++) { 1201 REVERSE64(context->state[j],context->state[j]); 1202 *d++ = context->state[j]; 1203 } 1204 } 1205#else 1206 memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH); 1207#endif 1208 } 1209 1210 /* Zero out state data */ 1211 memset(context, 0, sizeof(context)); 1212} 1213 1214 1215/*** SHA-384: *********************************************************/ 1216void 1217isc_sha384_init(isc_sha384_t *context) { 1218 if (context == (isc_sha384_t *)0) { 1219 return; 1220 } 1221 memcpy(context->state, sha384_initial_hash_value, 1222 ISC_SHA512_DIGESTLENGTH); 1223 memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH); 1224 context->bitcount[0] = context->bitcount[1] = 0; 1225} 1226 1227void 1228isc_sha384_invalidate(isc_sha384_t *context) { 1229 memset(context, 0, sizeof(isc_sha384_t)); 1230} 1231 1232void 1233isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) { 1234 isc_sha512_update((isc_sha512_t *)context, data, len); 1235} 1236 1237void 1238isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { 1239 isc_uint64_t *d = (isc_uint64_t*)digest; 1240 1241 /* Sanity check: */ 1242 REQUIRE(context != (isc_sha384_t *)0); 1243 1244 /* If no digest buffer is passed, we don't bother doing this: */ 1245 if (digest != (isc_uint8_t*)0) { 1246 isc_sha512_last((isc_sha512_t *)context); 1247 1248 /* Save the hash data for output: */ 1249#if BYTE_ORDER == LITTLE_ENDIAN 1250 { 1251 /* Convert TO host byte order */ 1252 int j; 1253 for (j = 0; j < 6; j++) { 1254 REVERSE64(context->state[j],context->state[j]); 1255 *d++ = context->state[j]; 1256 } 1257 } 1258#else 1259 memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH); 1260#endif 1261 } 1262 1263 /* Zero out state data */ 1264 memset(context, 0, sizeof(context)); 1265} 1266#endif /* !ISC_PLATFORM_OPENSSLHASH */ 1267 1268/* 1269 * Constant used by SHA256/384/512_End() functions for converting the 1270 * digest to a readable hexadecimal character string: 1271 */ 1272static const char *sha2_hex_digits = "0123456789abcdef"; 1273 1274char * 1275isc_sha224_end(isc_sha224_t *context, char buffer[]) { 1276 isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest; 1277 unsigned int i; 1278 1279 /* Sanity check: */ 1280 REQUIRE(context != (isc_sha224_t *)0); 1281 1282 if (buffer != (char*)0) { 1283 isc_sha224_final(digest, context); 1284 1285 for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) { 1286 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1287 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1288 d++; 1289 } 1290 *buffer = (char)0; 1291 } else { 1292#ifdef ISC_PLATFORM_OPENSSLHASH 1293 EVP_MD_CTX_cleanup(context); 1294#else 1295 memset(context, 0, sizeof(context)); 1296#endif 1297 } 1298 memset(digest, 0, ISC_SHA224_DIGESTLENGTH); 1299 return buffer; 1300} 1301 1302char * 1303isc_sha224_data(const isc_uint8_t *data, size_t len, 1304 char digest[ISC_SHA224_DIGESTSTRINGLENGTH]) 1305{ 1306 isc_sha224_t context; 1307 1308 isc_sha224_init(&context); 1309 isc_sha224_update(&context, data, len); 1310 return (isc_sha224_end(&context, digest)); 1311} 1312 1313char * 1314isc_sha256_end(isc_sha256_t *context, char buffer[]) { 1315 isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest; 1316 unsigned int i; 1317 1318 /* Sanity check: */ 1319 REQUIRE(context != (isc_sha256_t *)0); 1320 1321 if (buffer != (char*)0) { 1322 isc_sha256_final(digest, context); 1323 1324 for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) { 1325 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1326 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1327 d++; 1328 } 1329 *buffer = (char)0; 1330 } else { 1331#ifdef ISC_PLATFORM_OPENSSLHASH 1332 EVP_MD_CTX_cleanup(context); 1333#else 1334 memset(context, 0, sizeof(context)); 1335#endif 1336 } 1337 memset(digest, 0, ISC_SHA256_DIGESTLENGTH); 1338 return buffer; 1339} 1340 1341char * 1342isc_sha256_data(const isc_uint8_t* data, size_t len, 1343 char digest[ISC_SHA256_DIGESTSTRINGLENGTH]) 1344{ 1345 isc_sha256_t context; 1346 1347 isc_sha256_init(&context); 1348 isc_sha256_update(&context, data, len); 1349 return (isc_sha256_end(&context, digest)); 1350} 1351 1352char * 1353isc_sha512_end(isc_sha512_t *context, char buffer[]) { 1354 isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest; 1355 unsigned int i; 1356 1357 /* Sanity check: */ 1358 REQUIRE(context != (isc_sha512_t *)0); 1359 1360 if (buffer != (char*)0) { 1361 isc_sha512_final(digest, context); 1362 1363 for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) { 1364 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1365 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1366 d++; 1367 } 1368 *buffer = (char)0; 1369 } else { 1370#ifdef ISC_PLATFORM_OPENSSLHASH 1371 EVP_MD_CTX_cleanup(context); 1372#else 1373 memset(context, 0, sizeof(context)); 1374#endif 1375 } 1376 memset(digest, 0, ISC_SHA512_DIGESTLENGTH); 1377 return buffer; 1378} 1379 1380char * 1381isc_sha512_data(const isc_uint8_t *data, size_t len, 1382 char digest[ISC_SHA512_DIGESTSTRINGLENGTH]) 1383{ 1384 isc_sha512_t context; 1385 1386 isc_sha512_init(&context); 1387 isc_sha512_update(&context, data, len); 1388 return (isc_sha512_end(&context, digest)); 1389} 1390 1391char * 1392isc_sha384_end(isc_sha384_t *context, char buffer[]) { 1393 isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest; 1394 unsigned int i; 1395 1396 /* Sanity check: */ 1397 REQUIRE(context != (isc_sha384_t *)0); 1398 1399 if (buffer != (char*)0) { 1400 isc_sha384_final(digest, context); 1401 1402 for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) { 1403 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1404 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1405 d++; 1406 } 1407 *buffer = (char)0; 1408 } else { 1409#ifdef ISC_PLATFORM_OPENSSLHASH 1410 EVP_MD_CTX_cleanup(context); 1411#else 1412 memset(context, 0, sizeof(context)); 1413#endif 1414 } 1415 memset(digest, 0, ISC_SHA384_DIGESTLENGTH); 1416 return buffer; 1417} 1418 1419char * 1420isc_sha384_data(const isc_uint8_t *data, size_t len, 1421 char digest[ISC_SHA384_DIGESTSTRINGLENGTH]) 1422{ 1423 isc_sha384_t context; 1424 1425 isc_sha384_init(&context); 1426 isc_sha384_update(&context, data, len); 1427 return (isc_sha384_end(&context, digest)); 1428} 1429