sha2.c revision 170222
1/* 2 * Copyright (C) 2005, 2006 Internet Systems Consortium, Inc. ("ISC") 3 * 4 * Permission to use, copy, modify, and distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14 * PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17/* $Id: sha2.c,v 1.2.2.12 2006/08/16 03:18:14 marka Exp $ */ 18 19/* $FreeBSD: vendor/bind9/dist/contrib/bind9/lib/isc/sha2.c 170222 2007-06-02 23:21:47Z dougb $ */ 20/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ 21 22/* 23 * sha2.c 24 * 25 * Version 1.0.0beta1 26 * 27 * Written by Aaron D. Gifford <me@aarongifford.com> 28 * 29 * Copyright 2000 Aaron D. Gifford. All rights reserved. 30 * 31 * Redistribution and use in source and binary forms, with or without 32 * modification, are permitted provided that the following conditions 33 * are met: 34 * 1. Redistributions of source code must retain the above copyright 35 * notice, this list of conditions and the following disclaimer. 36 * 2. Redistributions in binary form must reproduce the above copyright 37 * notice, this list of conditions and the following disclaimer in the 38 * documentation and/or other materials provided with the distribution. 39 * 3. Neither the name of the copyright holder nor the names of contributors 40 * may be used to endorse or promote products derived from this software 41 * without specific prior written permission. 42 * 43 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND 44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE 47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 53 * SUCH DAMAGE. 54 * 55 */ 56 57 58#include <config.h> 59 60#include <isc/assertions.h> 61#include <isc/sha2.h> 62#include <isc/string.h> 63#include <isc/util.h> 64 65/* 66 * UNROLLED TRANSFORM LOOP NOTE: 67 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform 68 * loop version for the hash transform rounds (defined using macros 69 * later in this file). Either define on the command line, for example: 70 * 71 * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c 72 * 73 * or define below: 74 * 75 * #define ISC_SHA2_UNROLL_TRANSFORM 76 * 77 */ 78 79/*** SHA-256/384/512 Machine Architecture Definitions *****************/ 80/* 81 * BYTE_ORDER NOTE: 82 * 83 * Please make sure that your system defines BYTE_ORDER. If your 84 * architecture is little-endian, make sure it also defines 85 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are 86 * equivilent. 87 * 88 * If your system does not define the above, then you can do so by 89 * hand like this: 90 * 91 * #define LITTLE_ENDIAN 1234 92 * #define BIG_ENDIAN 4321 93 * 94 * And for little-endian machines, add: 95 * 96 * #define BYTE_ORDER LITTLE_ENDIAN 97 * 98 * Or for big-endian machines: 99 * 100 * #define BYTE_ORDER BIG_ENDIAN 101 * 102 * The FreeBSD machine this was written on defines BYTE_ORDER 103 * appropriately by including <sys/types.h> (which in turn includes 104 * <machine/endian.h> where the appropriate definitions are actually 105 * made). 106 */ 107#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 108#ifndef BYTE_ORDER 109#ifndef BIG_ENDIAN 110#define BIG_ENDIAN 4321 111#endif 112#ifndef LITTLE_ENDIAN 113#define LITTLE_ENDIAN 1234 114#endif 115#ifdef WORDS_BIGENDIAN 116#define BYTE_ORDER BIG_ENDIAN 117#else 118#define BYTE_ORDER LITTLE_ENDIAN 119#endif 120#else 121#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 122#endif 123#endif 124 125/*** SHA-256/384/512 Various Length Definitions ***********************/ 126/* NOTE: Most of these are in sha2.h */ 127#define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8) 128#define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16) 129#define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16) 130 131 132/*** ENDIAN REVERSAL MACROS *******************************************/ 133#if BYTE_ORDER == LITTLE_ENDIAN 134#define REVERSE32(w,x) { \ 135 isc_uint32_t tmp = (w); \ 136 tmp = (tmp >> 16) | (tmp << 16); \ 137 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ 138} 139#ifdef WIN32 140#define REVERSE64(w,x) { \ 141 isc_uint64_t tmp = (w); \ 142 tmp = (tmp >> 32) | (tmp << 32); \ 143 tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \ 144 ((tmp & 0x00ff00ff00ff00ffUL) << 8); \ 145 (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \ 146 ((tmp & 0x0000ffff0000ffffUL) << 16); \ 147} 148#else 149#define REVERSE64(w,x) { \ 150 isc_uint64_t tmp = (w); \ 151 tmp = (tmp >> 32) | (tmp << 32); \ 152 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ 153 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ 154 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ 155 ((tmp & 0x0000ffff0000ffffULL) << 16); \ 156} 157#endif 158#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 159 160/* 161 * Macro for incrementally adding the unsigned 64-bit integer n to the 162 * unsigned 128-bit integer (represented using a two-element array of 163 * 64-bit words): 164 */ 165#define ADDINC128(w,n) { \ 166 (w)[0] += (isc_uint64_t)(n); \ 167 if ((w)[0] < (n)) { \ 168 (w)[1]++; \ 169 } \ 170} 171 172/*** THE SIX LOGICAL FUNCTIONS ****************************************/ 173/* 174 * Bit shifting and rotation (used by the six SHA-XYZ logical functions: 175 * 176 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and 177 * S is a ROTATION) because the SHA-256/384/512 description document 178 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this 179 * same "backwards" definition. 180 */ 181/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ 182#define R(b,x) ((x) >> (b)) 183/* 32-bit Rotate-right (used in SHA-256): */ 184#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) 185/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ 186#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) 187 188/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ 189#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 190#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 191 192/* Four of six logical functions used in SHA-256: */ 193#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) 194#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) 195#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) 196#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) 197 198/* Four of six logical functions used in SHA-384 and SHA-512: */ 199#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) 200#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) 201#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) 202#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) 203 204/*** INTERNAL FUNCTION PROTOTYPES *************************************/ 205/* NOTE: These should not be accessed directly from outside this 206 * library -- they are intended for private internal visibility/use 207 * only. 208 */ 209void isc_sha512_last(isc_sha512_t *); 210void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*); 211void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*); 212 213 214/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ 215/* Hash constant words K for SHA-224 and SHA-256: */ 216static const isc_uint32_t K256[64] = { 217 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 218 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 219 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 220 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 221 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 222 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 223 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 224 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 225 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 226 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 227 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 228 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 229 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 230 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 231 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 232 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 233}; 234 235/* Initial hash value H for SHA-224: */ 236static const isc_uint32_t sha224_initial_hash_value[8] = { 237 0xc1059ed8UL, 238 0x367cd507UL, 239 0x3070dd17UL, 240 0xf70e5939UL, 241 0xffc00b31UL, 242 0x68581511UL, 243 0x64f98fa7UL, 244 0xbefa4fa4UL 245}; 246 247/* Initial hash value H for SHA-256: */ 248static const isc_uint32_t sha256_initial_hash_value[8] = { 249 0x6a09e667UL, 250 0xbb67ae85UL, 251 0x3c6ef372UL, 252 0xa54ff53aUL, 253 0x510e527fUL, 254 0x9b05688cUL, 255 0x1f83d9abUL, 256 0x5be0cd19UL 257}; 258 259#ifdef WIN32 260/* Hash constant words K for SHA-384 and SHA-512: */ 261static const isc_uint64_t K512[80] = { 262 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 263 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, 264 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, 265 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL, 266 0xd807aa98a3030242UL, 0x12835b0145706fbeUL, 267 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL, 268 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL, 269 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL, 270 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL, 271 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL, 272 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL, 273 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL, 274 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL, 275 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL, 276 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL, 277 0x06ca6351e003826fUL, 0x142929670a0e6e70UL, 278 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL, 279 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL, 280 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL, 281 0x81c2c92e47edaee6UL, 0x92722c851482353bUL, 282 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL, 283 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL, 284 0xd192e819d6ef5218UL, 0xd69906245565a910UL, 285 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL, 286 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL, 287 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL, 288 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL, 289 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL, 290 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL, 291 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL, 292 0x90befffa23631e28UL, 0xa4506cebde82bde9UL, 293 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL, 294 0xca273eceea26619cUL, 0xd186b8c721c0c207UL, 295 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL, 296 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL, 297 0x113f9804bef90daeUL, 0x1b710b35131c471bUL, 298 0x28db77f523047d84UL, 0x32caab7b40c72493UL, 299 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL, 300 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL, 301 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL 302}; 303 304/* Initial hash value H for SHA-384: */ 305static const isc_uint64_t sha384_initial_hash_value[8] = { 306 0xcbbb9d5dc1059ed8UL, 307 0x629a292a367cd507UL, 308 0x9159015a3070dd17UL, 309 0x152fecd8f70e5939UL, 310 0x67332667ffc00b31UL, 311 0x8eb44a8768581511UL, 312 0xdb0c2e0d64f98fa7UL, 313 0x47b5481dbefa4fa4UL 314}; 315 316/* Initial hash value H for SHA-512: */ 317static const isc_uint64_t sha512_initial_hash_value[8] = { 318 0x6a09e667f3bcc908U, 319 0xbb67ae8584caa73bUL, 320 0x3c6ef372fe94f82bUL, 321 0xa54ff53a5f1d36f1UL, 322 0x510e527fade682d1UL, 323 0x9b05688c2b3e6c1fUL, 324 0x1f83d9abfb41bd6bUL, 325 0x5be0cd19137e2179UL 326}; 327#else 328/* Hash constant words K for SHA-384 and SHA-512: */ 329static const isc_uint64_t K512[80] = { 330 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 331 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 332 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 333 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 334 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 335 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 336 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 337 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 338 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 339 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 340 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 341 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 342 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 343 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 344 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 345 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 346 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 347 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 348 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 349 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 350 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 351 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 352 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 353 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 354 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 355 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 356 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 357 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 358 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 359 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 360 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 361 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 362 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 363 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 364 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 365 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 366 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 367 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 368 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 369 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL 370}; 371 372/* Initial hash value H for SHA-384: */ 373static const isc_uint64_t sha384_initial_hash_value[8] = { 374 0xcbbb9d5dc1059ed8ULL, 375 0x629a292a367cd507ULL, 376 0x9159015a3070dd17ULL, 377 0x152fecd8f70e5939ULL, 378 0x67332667ffc00b31ULL, 379 0x8eb44a8768581511ULL, 380 0xdb0c2e0d64f98fa7ULL, 381 0x47b5481dbefa4fa4ULL 382}; 383 384/* Initial hash value H for SHA-512: */ 385static const isc_uint64_t sha512_initial_hash_value[8] = { 386 0x6a09e667f3bcc908ULL, 387 0xbb67ae8584caa73bULL, 388 0x3c6ef372fe94f82bULL, 389 0xa54ff53a5f1d36f1ULL, 390 0x510e527fade682d1ULL, 391 0x9b05688c2b3e6c1fULL, 392 0x1f83d9abfb41bd6bULL, 393 0x5be0cd19137e2179ULL 394}; 395#endif 396 397/* 398 * Constant used by SHA256/384/512_End() functions for converting the 399 * digest to a readable hexadecimal character string: 400 */ 401static const char *sha2_hex_digits = "0123456789abcdef"; 402 403 404 405/*** SHA-224: *********************************************************/ 406void 407isc_sha224_init(isc_sha224_t *context) { 408 if (context == (isc_sha256_t *)0) { 409 return; 410 } 411 memcpy(context->state, sha224_initial_hash_value, 412 ISC_SHA256_DIGESTLENGTH); 413 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); 414 context->bitcount = 0; 415} 416 417void 418isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { 419 isc_sha256_update((isc_sha256_t *)context, data, len); 420} 421 422void 423isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { 424 isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH]; 425 isc_sha256_final(sha256_digest, (isc_sha256_t *)context); 426 memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH); 427 memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH); 428} 429 430char * 431isc_sha224_end(isc_sha224_t *context, char buffer[]) { 432 isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest; 433 unsigned int i; 434 435 /* Sanity check: */ 436 REQUIRE(context != (isc_sha224_t *)0); 437 438 if (buffer != (char*)0) { 439 isc_sha224_final(digest, context); 440 441 for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) { 442 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 443 *buffer++ = sha2_hex_digits[*d & 0x0f]; 444 d++; 445 } 446 *buffer = (char)0; 447 } else { 448 memset(context, 0, sizeof(context)); 449 } 450 memset(digest, 0, ISC_SHA224_DIGESTLENGTH); 451 return buffer; 452} 453 454char* 455isc_sha224_data(const isc_uint8_t *data, size_t len, 456 char digest[ISC_SHA224_DIGESTSTRINGLENGTH]) 457{ 458 isc_sha224_t context; 459 460 isc_sha224_init(&context); 461 isc_sha224_update(&context, data, len); 462 return (isc_sha224_end(&context, digest)); 463} 464 465/*** SHA-256: *********************************************************/ 466void 467isc_sha256_init(isc_sha256_t *context) { 468 if (context == (isc_sha256_t *)0) { 469 return; 470 } 471 memcpy(context->state, sha256_initial_hash_value, 472 ISC_SHA256_DIGESTLENGTH); 473 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); 474 context->bitcount = 0; 475} 476 477#ifdef ISC_SHA2_UNROLL_TRANSFORM 478 479/* Unrolled SHA-256 round macros: */ 480 481#if BYTE_ORDER == LITTLE_ENDIAN 482 483#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 484 REVERSE32(*data++, W256[j]); \ 485 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 486 K256[j] + W256[j]; \ 487 (d) += T1; \ 488 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 489 j++ 490 491 492#else /* BYTE_ORDER == LITTLE_ENDIAN */ 493 494#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 495 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 496 K256[j] + (W256[j] = *data++); \ 497 (d) += T1; \ 498 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 499 j++ 500 501#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 502 503#define ROUND256(a,b,c,d,e,f,g,h) \ 504 s0 = W256[(j+1)&0x0f]; \ 505 s0 = sigma0_256(s0); \ 506 s1 = W256[(j+14)&0x0f]; \ 507 s1 = sigma1_256(s1); \ 508 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ 509 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ 510 (d) += T1; \ 511 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 512 j++ 513 514void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { 515 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; 516 isc_uint32_t T1, *W256; 517 int j; 518 519 W256 = (isc_uint32_t*)context->buffer; 520 521 /* Initialize registers with the prev. intermediate value */ 522 a = context->state[0]; 523 b = context->state[1]; 524 c = context->state[2]; 525 d = context->state[3]; 526 e = context->state[4]; 527 f = context->state[5]; 528 g = context->state[6]; 529 h = context->state[7]; 530 531 j = 0; 532 do { 533 /* Rounds 0 to 15 (unrolled): */ 534 ROUND256_0_TO_15(a,b,c,d,e,f,g,h); 535 ROUND256_0_TO_15(h,a,b,c,d,e,f,g); 536 ROUND256_0_TO_15(g,h,a,b,c,d,e,f); 537 ROUND256_0_TO_15(f,g,h,a,b,c,d,e); 538 ROUND256_0_TO_15(e,f,g,h,a,b,c,d); 539 ROUND256_0_TO_15(d,e,f,g,h,a,b,c); 540 ROUND256_0_TO_15(c,d,e,f,g,h,a,b); 541 ROUND256_0_TO_15(b,c,d,e,f,g,h,a); 542 } while (j < 16); 543 544 /* Now for the remaining rounds to 64: */ 545 do { 546 ROUND256(a,b,c,d,e,f,g,h); 547 ROUND256(h,a,b,c,d,e,f,g); 548 ROUND256(g,h,a,b,c,d,e,f); 549 ROUND256(f,g,h,a,b,c,d,e); 550 ROUND256(e,f,g,h,a,b,c,d); 551 ROUND256(d,e,f,g,h,a,b,c); 552 ROUND256(c,d,e,f,g,h,a,b); 553 ROUND256(b,c,d,e,f,g,h,a); 554 } while (j < 64); 555 556 /* Compute the current intermediate hash value */ 557 context->state[0] += a; 558 context->state[1] += b; 559 context->state[2] += c; 560 context->state[3] += d; 561 context->state[4] += e; 562 context->state[5] += f; 563 context->state[6] += g; 564 context->state[7] += h; 565 566 /* Clean up */ 567 a = b = c = d = e = f = g = h = T1 = 0; 568} 569 570#else /* ISC_SHA2_UNROLL_TRANSFORM */ 571 572void 573isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { 574 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; 575 isc_uint32_t T1, T2, *W256; 576 int j; 577 578 W256 = (isc_uint32_t*)context->buffer; 579 580 /* Initialize registers with the prev. intermediate value */ 581 a = context->state[0]; 582 b = context->state[1]; 583 c = context->state[2]; 584 d = context->state[3]; 585 e = context->state[4]; 586 f = context->state[5]; 587 g = context->state[6]; 588 h = context->state[7]; 589 590 j = 0; 591 do { 592#if BYTE_ORDER == LITTLE_ENDIAN 593 /* Copy data while converting to host byte order */ 594 REVERSE32(*data++,W256[j]); 595 /* Apply the SHA-256 compression function to update a..h */ 596 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; 597#else /* BYTE_ORDER == LITTLE_ENDIAN */ 598 /* Apply the SHA-256 compression function to update a..h with copy */ 599 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); 600#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 601 T2 = Sigma0_256(a) + Maj(a, b, c); 602 h = g; 603 g = f; 604 f = e; 605 e = d + T1; 606 d = c; 607 c = b; 608 b = a; 609 a = T1 + T2; 610 611 j++; 612 } while (j < 16); 613 614 do { 615 /* Part of the message block expansion: */ 616 s0 = W256[(j+1)&0x0f]; 617 s0 = sigma0_256(s0); 618 s1 = W256[(j+14)&0x0f]; 619 s1 = sigma1_256(s1); 620 621 /* Apply the SHA-256 compression function to update a..h */ 622 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 623 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); 624 T2 = Sigma0_256(a) + Maj(a, b, c); 625 h = g; 626 g = f; 627 f = e; 628 e = d + T1; 629 d = c; 630 c = b; 631 b = a; 632 a = T1 + T2; 633 634 j++; 635 } while (j < 64); 636 637 /* Compute the current intermediate hash value */ 638 context->state[0] += a; 639 context->state[1] += b; 640 context->state[2] += c; 641 context->state[3] += d; 642 context->state[4] += e; 643 context->state[5] += f; 644 context->state[6] += g; 645 context->state[7] += h; 646 647 /* Clean up */ 648 a = b = c = d = e = f = g = h = T1 = T2 = 0; 649} 650 651#endif /* ISC_SHA2_UNROLL_TRANSFORM */ 652 653void 654isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { 655 unsigned int freespace, usedspace; 656 657 if (len == 0U) { 658 /* Calling with no data is valid - we do nothing */ 659 return; 660 } 661 662 /* Sanity check: */ 663 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0); 664 665 usedspace = (unsigned int)((context->bitcount >> 3) % 666 ISC_SHA256_BLOCK_LENGTH); 667 if (usedspace > 0) { 668 /* Calculate how much free space is available in the buffer */ 669 freespace = ISC_SHA256_BLOCK_LENGTH - usedspace; 670 671 if (len >= freespace) { 672 /* Fill the buffer completely and process it */ 673 memcpy(&context->buffer[usedspace], data, freespace); 674 context->bitcount += freespace << 3; 675 len -= freespace; 676 data += freespace; 677 isc_sha256_transform(context, 678 (isc_uint32_t*)context->buffer); 679 } else { 680 /* The buffer is not yet full */ 681 memcpy(&context->buffer[usedspace], data, len); 682 context->bitcount += len << 3; 683 /* Clean up: */ 684 usedspace = freespace = 0; 685 return; 686 } 687 } 688 while (len >= ISC_SHA256_BLOCK_LENGTH) { 689 /* Process as many complete blocks as we can */ 690 memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH); 691 isc_sha256_transform(context, (isc_uint32_t*)context->buffer); 692 context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3; 693 len -= ISC_SHA256_BLOCK_LENGTH; 694 data += ISC_SHA256_BLOCK_LENGTH; 695 } 696 if (len > 0U) { 697 /* There's left-overs, so save 'em */ 698 memcpy(context->buffer, data, len); 699 context->bitcount += len << 3; 700 } 701 /* Clean up: */ 702 usedspace = freespace = 0; 703} 704 705void 706isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { 707 isc_uint32_t *d = (isc_uint32_t*)digest; 708 unsigned int usedspace; 709 710 /* Sanity check: */ 711 REQUIRE(context != (isc_sha256_t *)0); 712 713 /* If no digest buffer is passed, we don't bother doing this: */ 714 if (digest != (isc_uint8_t*)0) { 715 usedspace = (unsigned int)((context->bitcount >> 3) % 716 ISC_SHA256_BLOCK_LENGTH); 717#if BYTE_ORDER == LITTLE_ENDIAN 718 /* Convert FROM host byte order */ 719 REVERSE64(context->bitcount,context->bitcount); 720#endif 721 if (usedspace > 0) { 722 /* Begin padding with a 1 bit: */ 723 context->buffer[usedspace++] = 0x80; 724 725 if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) { 726 /* Set-up for the last transform: */ 727 memset(&context->buffer[usedspace], 0, 728 ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace); 729 } else { 730 if (usedspace < ISC_SHA256_BLOCK_LENGTH) { 731 memset(&context->buffer[usedspace], 0, 732 ISC_SHA256_BLOCK_LENGTH - 733 usedspace); 734 } 735 /* Do second-to-last transform: */ 736 isc_sha256_transform(context, 737 (isc_uint32_t*)context->buffer); 738 739 /* And set-up for the last transform: */ 740 memset(context->buffer, 0, 741 ISC_SHA256_SHORT_BLOCK_LENGTH); 742 } 743 } else { 744 /* Set-up for the last transform: */ 745 memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH); 746 747 /* Begin padding with a 1 bit: */ 748 *context->buffer = 0x80; 749 } 750 /* Set the bit count: */ 751 *(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount; 752 753 /* Final transform: */ 754 isc_sha256_transform(context, (isc_uint32_t*)context->buffer); 755 756#if BYTE_ORDER == LITTLE_ENDIAN 757 { 758 /* Convert TO host byte order */ 759 int j; 760 for (j = 0; j < 8; j++) { 761 REVERSE32(context->state[j],context->state[j]); 762 *d++ = context->state[j]; 763 } 764 } 765#else 766 memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH); 767#endif 768 } 769 770 /* Clean up state data: */ 771 memset(context, 0, sizeof(context)); 772 usedspace = 0; 773} 774 775char * 776isc_sha256_end(isc_sha256_t *context, char buffer[]) { 777 isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest; 778 unsigned int i; 779 780 /* Sanity check: */ 781 REQUIRE(context != (isc_sha256_t *)0); 782 783 if (buffer != (char*)0) { 784 isc_sha256_final(digest, context); 785 786 for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) { 787 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 788 *buffer++ = sha2_hex_digits[*d & 0x0f]; 789 d++; 790 } 791 *buffer = (char)0; 792 } else { 793 memset(context, 0, sizeof(context)); 794 } 795 memset(digest, 0, ISC_SHA256_DIGESTLENGTH); 796 return buffer; 797} 798 799char * 800isc_sha256_data(const isc_uint8_t* data, size_t len, 801 char digest[ISC_SHA256_DIGESTSTRINGLENGTH]) 802{ 803 isc_sha256_t context; 804 805 isc_sha256_init(&context); 806 isc_sha256_update(&context, data, len); 807 return (isc_sha256_end(&context, digest)); 808} 809 810 811/*** SHA-512: *********************************************************/ 812void 813isc_sha512_init(isc_sha512_t *context) { 814 if (context == (isc_sha512_t *)0) { 815 return; 816 } 817 memcpy(context->state, sha512_initial_hash_value, 818 ISC_SHA512_DIGESTLENGTH); 819 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH); 820 context->bitcount[0] = context->bitcount[1] = 0; 821} 822 823#ifdef ISC_SHA2_UNROLL_TRANSFORM 824 825/* Unrolled SHA-512 round macros: */ 826#if BYTE_ORDER == LITTLE_ENDIAN 827 828#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 829 REVERSE64(*data++, W512[j]); \ 830 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 831 K512[j] + W512[j]; \ 832 (d) += T1, \ 833 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ 834 j++ 835 836 837#else /* BYTE_ORDER == LITTLE_ENDIAN */ 838 839#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 840 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 841 K512[j] + (W512[j] = *data++); \ 842 (d) += T1; \ 843 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 844 j++ 845 846#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 847 848#define ROUND512(a,b,c,d,e,f,g,h) \ 849 s0 = W512[(j+1)&0x0f]; \ 850 s0 = sigma0_512(s0); \ 851 s1 = W512[(j+14)&0x0f]; \ 852 s1 = sigma1_512(s1); \ 853 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ 854 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ 855 (d) += T1; \ 856 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 857 j++ 858 859void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { 860 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; 861 isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer; 862 int j; 863 864 /* Initialize registers with the prev. intermediate value */ 865 a = context->state[0]; 866 b = context->state[1]; 867 c = context->state[2]; 868 d = context->state[3]; 869 e = context->state[4]; 870 f = context->state[5]; 871 g = context->state[6]; 872 h = context->state[7]; 873 874 j = 0; 875 do { 876 ROUND512_0_TO_15(a,b,c,d,e,f,g,h); 877 ROUND512_0_TO_15(h,a,b,c,d,e,f,g); 878 ROUND512_0_TO_15(g,h,a,b,c,d,e,f); 879 ROUND512_0_TO_15(f,g,h,a,b,c,d,e); 880 ROUND512_0_TO_15(e,f,g,h,a,b,c,d); 881 ROUND512_0_TO_15(d,e,f,g,h,a,b,c); 882 ROUND512_0_TO_15(c,d,e,f,g,h,a,b); 883 ROUND512_0_TO_15(b,c,d,e,f,g,h,a); 884 } while (j < 16); 885 886 /* Now for the remaining rounds up to 79: */ 887 do { 888 ROUND512(a,b,c,d,e,f,g,h); 889 ROUND512(h,a,b,c,d,e,f,g); 890 ROUND512(g,h,a,b,c,d,e,f); 891 ROUND512(f,g,h,a,b,c,d,e); 892 ROUND512(e,f,g,h,a,b,c,d); 893 ROUND512(d,e,f,g,h,a,b,c); 894 ROUND512(c,d,e,f,g,h,a,b); 895 ROUND512(b,c,d,e,f,g,h,a); 896 } while (j < 80); 897 898 /* Compute the current intermediate hash value */ 899 context->state[0] += a; 900 context->state[1] += b; 901 context->state[2] += c; 902 context->state[3] += d; 903 context->state[4] += e; 904 context->state[5] += f; 905 context->state[6] += g; 906 context->state[7] += h; 907 908 /* Clean up */ 909 a = b = c = d = e = f = g = h = T1 = 0; 910} 911 912#else /* ISC_SHA2_UNROLL_TRANSFORM */ 913 914void 915isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { 916 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; 917 isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer; 918 int j; 919 920 /* Initialize registers with the prev. intermediate value */ 921 a = context->state[0]; 922 b = context->state[1]; 923 c = context->state[2]; 924 d = context->state[3]; 925 e = context->state[4]; 926 f = context->state[5]; 927 g = context->state[6]; 928 h = context->state[7]; 929 930 j = 0; 931 do { 932#if BYTE_ORDER == LITTLE_ENDIAN 933 /* Convert TO host byte order */ 934 REVERSE64(*data++, W512[j]); 935 /* Apply the SHA-512 compression function to update a..h */ 936 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; 937#else /* BYTE_ORDER == LITTLE_ENDIAN */ 938 /* Apply the SHA-512 compression function to update a..h with copy */ 939 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); 940#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 941 T2 = Sigma0_512(a) + Maj(a, b, c); 942 h = g; 943 g = f; 944 f = e; 945 e = d + T1; 946 d = c; 947 c = b; 948 b = a; 949 a = T1 + T2; 950 951 j++; 952 } while (j < 16); 953 954 do { 955 /* Part of the message block expansion: */ 956 s0 = W512[(j+1)&0x0f]; 957 s0 = sigma0_512(s0); 958 s1 = W512[(j+14)&0x0f]; 959 s1 = sigma1_512(s1); 960 961 /* Apply the SHA-512 compression function to update a..h */ 962 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + 963 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); 964 T2 = Sigma0_512(a) + Maj(a, b, c); 965 h = g; 966 g = f; 967 f = e; 968 e = d + T1; 969 d = c; 970 c = b; 971 b = a; 972 a = T1 + T2; 973 974 j++; 975 } while (j < 80); 976 977 /* Compute the current intermediate hash value */ 978 context->state[0] += a; 979 context->state[1] += b; 980 context->state[2] += c; 981 context->state[3] += d; 982 context->state[4] += e; 983 context->state[5] += f; 984 context->state[6] += g; 985 context->state[7] += h; 986 987 /* Clean up */ 988 a = b = c = d = e = f = g = h = T1 = T2 = 0; 989} 990 991#endif /* ISC_SHA2_UNROLL_TRANSFORM */ 992 993void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) { 994 unsigned int freespace, usedspace; 995 996 if (len == 0U) { 997 /* Calling with no data is valid - we do nothing */ 998 return; 999 } 1000 1001 /* Sanity check: */ 1002 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); 1003 1004 usedspace = (unsigned int)((context->bitcount[0] >> 3) % 1005 ISC_SHA512_BLOCK_LENGTH); 1006 if (usedspace > 0) { 1007 /* Calculate how much free space is available in the buffer */ 1008 freespace = ISC_SHA512_BLOCK_LENGTH - usedspace; 1009 1010 if (len >= freespace) { 1011 /* Fill the buffer completely and process it */ 1012 memcpy(&context->buffer[usedspace], data, freespace); 1013 ADDINC128(context->bitcount, freespace << 3); 1014 len -= freespace; 1015 data += freespace; 1016 isc_sha512_transform(context, 1017 (isc_uint64_t*)context->buffer); 1018 } else { 1019 /* The buffer is not yet full */ 1020 memcpy(&context->buffer[usedspace], data, len); 1021 ADDINC128(context->bitcount, len << 3); 1022 /* Clean up: */ 1023 usedspace = freespace = 0; 1024 return; 1025 } 1026 } 1027 while (len >= ISC_SHA512_BLOCK_LENGTH) { 1028 /* Process as many complete blocks as we can */ 1029 memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH); 1030 isc_sha512_transform(context, (isc_uint64_t*)context->buffer); 1031 ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3); 1032 len -= ISC_SHA512_BLOCK_LENGTH; 1033 data += ISC_SHA512_BLOCK_LENGTH; 1034 } 1035 if (len > 0U) { 1036 /* There's left-overs, so save 'em */ 1037 memcpy(context->buffer, data, len); 1038 ADDINC128(context->bitcount, len << 3); 1039 } 1040 /* Clean up: */ 1041 usedspace = freespace = 0; 1042} 1043 1044void isc_sha512_last(isc_sha512_t *context) { 1045 unsigned int usedspace; 1046 1047 usedspace = (unsigned int)((context->bitcount[0] >> 3) % 1048 ISC_SHA512_BLOCK_LENGTH); 1049#if BYTE_ORDER == LITTLE_ENDIAN 1050 /* Convert FROM host byte order */ 1051 REVERSE64(context->bitcount[0],context->bitcount[0]); 1052 REVERSE64(context->bitcount[1],context->bitcount[1]); 1053#endif 1054 if (usedspace > 0) { 1055 /* Begin padding with a 1 bit: */ 1056 context->buffer[usedspace++] = 0x80; 1057 1058 if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) { 1059 /* Set-up for the last transform: */ 1060 memset(&context->buffer[usedspace], 0, 1061 ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace); 1062 } else { 1063 if (usedspace < ISC_SHA512_BLOCK_LENGTH) { 1064 memset(&context->buffer[usedspace], 0, 1065 ISC_SHA512_BLOCK_LENGTH - usedspace); 1066 } 1067 /* Do second-to-last transform: */ 1068 isc_sha512_transform(context, 1069 (isc_uint64_t*)context->buffer); 1070 1071 /* And set-up for the last transform: */ 1072 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2); 1073 } 1074 } else { 1075 /* Prepare for final transform: */ 1076 memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH); 1077 1078 /* Begin padding with a 1 bit: */ 1079 *context->buffer = 0x80; 1080 } 1081 /* Store the length of input data (in bits): */ 1082 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; 1083 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; 1084 1085 /* Final transform: */ 1086 isc_sha512_transform(context, (isc_uint64_t*)context->buffer); 1087} 1088 1089void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { 1090 isc_uint64_t *d = (isc_uint64_t*)digest; 1091 1092 /* Sanity check: */ 1093 REQUIRE(context != (isc_sha512_t *)0); 1094 1095 /* If no digest buffer is passed, we don't bother doing this: */ 1096 if (digest != (isc_uint8_t*)0) { 1097 isc_sha512_last(context); 1098 1099 /* Save the hash data for output: */ 1100#if BYTE_ORDER == LITTLE_ENDIAN 1101 { 1102 /* Convert TO host byte order */ 1103 int j; 1104 for (j = 0; j < 8; j++) { 1105 REVERSE64(context->state[j],context->state[j]); 1106 *d++ = context->state[j]; 1107 } 1108 } 1109#else 1110 memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH); 1111#endif 1112 } 1113 1114 /* Zero out state data */ 1115 memset(context, 0, sizeof(context)); 1116} 1117 1118char * 1119isc_sha512_end(isc_sha512_t *context, char buffer[]) { 1120 isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest; 1121 unsigned int i; 1122 1123 /* Sanity check: */ 1124 REQUIRE(context != (isc_sha512_t *)0); 1125 1126 if (buffer != (char*)0) { 1127 isc_sha512_final(digest, context); 1128 1129 for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) { 1130 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1131 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1132 d++; 1133 } 1134 *buffer = (char)0; 1135 } else { 1136 memset(context, 0, sizeof(context)); 1137 } 1138 memset(digest, 0, ISC_SHA512_DIGESTLENGTH); 1139 return buffer; 1140} 1141 1142char * 1143isc_sha512_data(const isc_uint8_t *data, size_t len, 1144 char digest[ISC_SHA512_DIGESTSTRINGLENGTH]) 1145{ 1146 isc_sha512_t context; 1147 1148 isc_sha512_init(&context); 1149 isc_sha512_update(&context, data, len); 1150 return (isc_sha512_end(&context, digest)); 1151} 1152 1153 1154/*** SHA-384: *********************************************************/ 1155void 1156isc_sha384_init(isc_sha384_t *context) { 1157 if (context == (isc_sha384_t *)0) { 1158 return; 1159 } 1160 memcpy(context->state, sha384_initial_hash_value, 1161 ISC_SHA512_DIGESTLENGTH); 1162 memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH); 1163 context->bitcount[0] = context->bitcount[1] = 0; 1164} 1165 1166void 1167isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) { 1168 isc_sha512_update((isc_sha512_t *)context, data, len); 1169} 1170 1171void 1172isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { 1173 isc_uint64_t *d = (isc_uint64_t*)digest; 1174 1175 /* Sanity check: */ 1176 REQUIRE(context != (isc_sha384_t *)0); 1177 1178 /* If no digest buffer is passed, we don't bother doing this: */ 1179 if (digest != (isc_uint8_t*)0) { 1180 isc_sha512_last((isc_sha512_t *)context); 1181 1182 /* Save the hash data for output: */ 1183#if BYTE_ORDER == LITTLE_ENDIAN 1184 { 1185 /* Convert TO host byte order */ 1186 int j; 1187 for (j = 0; j < 6; j++) { 1188 REVERSE64(context->state[j],context->state[j]); 1189 *d++ = context->state[j]; 1190 } 1191 } 1192#else 1193 memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH); 1194#endif 1195 } 1196 1197 /* Zero out state data */ 1198 memset(context, 0, sizeof(context)); 1199} 1200 1201char * 1202isc_sha384_end(isc_sha384_t *context, char buffer[]) { 1203 isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest; 1204 unsigned int i; 1205 1206 /* Sanity check: */ 1207 REQUIRE(context != (isc_sha384_t *)0); 1208 1209 if (buffer != (char*)0) { 1210 isc_sha384_final(digest, context); 1211 1212 for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) { 1213 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1214 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1215 d++; 1216 } 1217 *buffer = (char)0; 1218 } else { 1219 memset(context, 0, sizeof(context)); 1220 } 1221 memset(digest, 0, ISC_SHA384_DIGESTLENGTH); 1222 return buffer; 1223} 1224 1225char* 1226isc_sha384_data(const isc_uint8_t *data, size_t len, 1227 char digest[ISC_SHA384_DIGESTSTRINGLENGTH]) 1228{ 1229 isc_sha384_t context; 1230 1231 isc_sha384_init(&context); 1232 isc_sha384_update(&context, data, len); 1233 return (isc_sha384_end(&context, digest)); 1234} 1235