sha2.c revision 204619
1/* 2 * Copyright (C) 2005-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC") 3 * 4 * Permission to use, copy, modify, and/or distribute this software for any 5 * purpose with or without fee is hereby granted, provided that the above 6 * copyright notice and this permission notice appear in all copies. 7 * 8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14 * PERFORMANCE OF THIS SOFTWARE. 15 */ 16 17/* $Id: sha2.c,v 1.13.332.4 2010/01/15 23:47:34 tbox Exp $ */ 18 19/* $FreeBSD: head/contrib/bind9/lib/isc/sha2.c 204619 2010-03-03 05:45:24Z dougb $ */ 20/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ 21 22/* 23 * sha2.c 24 * 25 * Version 1.0.0beta1 26 * 27 * Written by Aaron D. Gifford <me@aarongifford.com> 28 * 29 * Copyright 2000 Aaron D. Gifford. All rights reserved. 30 * 31 * Redistribution and use in source and binary forms, with or without 32 * modification, are permitted provided that the following conditions 33 * are met: 34 * 1. Redistributions of source code must retain the above copyright 35 * notice, this list of conditions and the following disclaimer. 36 * 2. Redistributions in binary form must reproduce the above copyright 37 * notice, this list of conditions and the following disclaimer in the 38 * documentation and/or other materials provided with the distribution. 39 * 3. Neither the name of the copyright holder nor the names of contributors 40 * may be used to endorse or promote products derived from this software 41 * without specific prior written permission. 42 * 43 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND 44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE 47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 53 * SUCH DAMAGE. 54 * 55 */ 56 57 58#include <config.h> 59 60#include <isc/assertions.h> 61#include <isc/sha2.h> 62#include <isc/string.h> 63#include <isc/util.h> 64 65/* 66 * UNROLLED TRANSFORM LOOP NOTE: 67 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform 68 * loop version for the hash transform rounds (defined using macros 69 * later in this file). Either define on the command line, for example: 70 * 71 * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c 72 * 73 * or define below: 74 * 75 * \#define ISC_SHA2_UNROLL_TRANSFORM 76 * 77 */ 78 79/*** SHA-256/384/512 Machine Architecture Definitions *****************/ 80/* 81 * BYTE_ORDER NOTE: 82 * 83 * Please make sure that your system defines BYTE_ORDER. If your 84 * architecture is little-endian, make sure it also defines 85 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are 86 * equivalent. 87 * 88 * If your system does not define the above, then you can do so by 89 * hand like this: 90 * 91 * \#define LITTLE_ENDIAN 1234 92 * \#define BIG_ENDIAN 4321 93 * 94 * And for little-endian machines, add: 95 * 96 * \#define BYTE_ORDER LITTLE_ENDIAN 97 * 98 * Or for big-endian machines: 99 * 100 * \#define BYTE_ORDER BIG_ENDIAN 101 * 102 * The FreeBSD machine this was written on defines BYTE_ORDER 103 * appropriately by including <sys/types.h> (which in turn includes 104 * <machine/endian.h> where the appropriate definitions are actually 105 * made). 106 */ 107#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 108#ifndef BYTE_ORDER 109#ifndef BIG_ENDIAN 110#define BIG_ENDIAN 4321 111#endif 112#ifndef LITTLE_ENDIAN 113#define LITTLE_ENDIAN 1234 114#endif 115#ifdef WORDS_BIGENDIAN 116#define BYTE_ORDER BIG_ENDIAN 117#else 118#define BYTE_ORDER LITTLE_ENDIAN 119#endif 120#else 121#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 122#endif 123#endif 124 125/*** SHA-256/384/512 Various Length Definitions ***********************/ 126/* NOTE: Most of these are in sha2.h */ 127#define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8) 128#define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16) 129#define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16) 130 131 132/*** ENDIAN REVERSAL MACROS *******************************************/ 133#if BYTE_ORDER == LITTLE_ENDIAN 134#define REVERSE32(w,x) { \ 135 isc_uint32_t tmp = (w); \ 136 tmp = (tmp >> 16) | (tmp << 16); \ 137 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ 138} 139#ifdef WIN32 140#define REVERSE64(w,x) { \ 141 isc_uint64_t tmp = (w); \ 142 tmp = (tmp >> 32) | (tmp << 32); \ 143 tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \ 144 ((tmp & 0x00ff00ff00ff00ffUL) << 8); \ 145 (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \ 146 ((tmp & 0x0000ffff0000ffffUL) << 16); \ 147} 148#else 149#define REVERSE64(w,x) { \ 150 isc_uint64_t tmp = (w); \ 151 tmp = (tmp >> 32) | (tmp << 32); \ 152 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ 153 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ 154 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ 155 ((tmp & 0x0000ffff0000ffffULL) << 16); \ 156} 157#endif 158#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 159 160/* 161 * Macro for incrementally adding the unsigned 64-bit integer n to the 162 * unsigned 128-bit integer (represented using a two-element array of 163 * 64-bit words): 164 */ 165#define ADDINC128(w,n) { \ 166 (w)[0] += (isc_uint64_t)(n); \ 167 if ((w)[0] < (n)) { \ 168 (w)[1]++; \ 169 } \ 170} 171 172/*** THE SIX LOGICAL FUNCTIONS ****************************************/ 173/* 174 * Bit shifting and rotation (used by the six SHA-XYZ logical functions: 175 * 176 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and 177 * S is a ROTATION) because the SHA-256/384/512 description document 178 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this 179 * same "backwards" definition. 180 */ 181/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ 182#define R(b,x) ((x) >> (b)) 183/* 32-bit Rotate-right (used in SHA-256): */ 184#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) 185/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ 186#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) 187 188/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ 189#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 190#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 191 192/* Four of six logical functions used in SHA-256: */ 193#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) 194#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) 195#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) 196#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) 197 198/* Four of six logical functions used in SHA-384 and SHA-512: */ 199#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) 200#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) 201#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) 202#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) 203 204/*** INTERNAL FUNCTION PROTOTYPES *************************************/ 205/* NOTE: These should not be accessed directly from outside this 206 * library -- they are intended for private internal visibility/use 207 * only. 208 */ 209void isc_sha512_last(isc_sha512_t *); 210void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*); 211void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*); 212 213 214/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ 215/* Hash constant words K for SHA-224 and SHA-256: */ 216static const isc_uint32_t K256[64] = { 217 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 218 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 219 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 220 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 221 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 222 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 223 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 224 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 225 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 226 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 227 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 228 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 229 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 230 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 231 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 232 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 233}; 234 235/* Initial hash value H for SHA-224: */ 236static const isc_uint32_t sha224_initial_hash_value[8] = { 237 0xc1059ed8UL, 238 0x367cd507UL, 239 0x3070dd17UL, 240 0xf70e5939UL, 241 0xffc00b31UL, 242 0x68581511UL, 243 0x64f98fa7UL, 244 0xbefa4fa4UL 245}; 246 247/* Initial hash value H for SHA-256: */ 248static const isc_uint32_t sha256_initial_hash_value[8] = { 249 0x6a09e667UL, 250 0xbb67ae85UL, 251 0x3c6ef372UL, 252 0xa54ff53aUL, 253 0x510e527fUL, 254 0x9b05688cUL, 255 0x1f83d9abUL, 256 0x5be0cd19UL 257}; 258 259#ifdef WIN32 260/* Hash constant words K for SHA-384 and SHA-512: */ 261static const isc_uint64_t K512[80] = { 262 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 263 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, 264 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, 265 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL, 266 0xd807aa98a3030242UL, 0x12835b0145706fbeUL, 267 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL, 268 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL, 269 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL, 270 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL, 271 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL, 272 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL, 273 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL, 274 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL, 275 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL, 276 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL, 277 0x06ca6351e003826fUL, 0x142929670a0e6e70UL, 278 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL, 279 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL, 280 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL, 281 0x81c2c92e47edaee6UL, 0x92722c851482353bUL, 282 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL, 283 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL, 284 0xd192e819d6ef5218UL, 0xd69906245565a910UL, 285 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL, 286 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL, 287 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL, 288 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL, 289 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL, 290 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL, 291 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL, 292 0x90befffa23631e28UL, 0xa4506cebde82bde9UL, 293 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL, 294 0xca273eceea26619cUL, 0xd186b8c721c0c207UL, 295 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL, 296 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL, 297 0x113f9804bef90daeUL, 0x1b710b35131c471bUL, 298 0x28db77f523047d84UL, 0x32caab7b40c72493UL, 299 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL, 300 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL, 301 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL 302}; 303 304/* Initial hash value H for SHA-384: */ 305static const isc_uint64_t sha384_initial_hash_value[8] = { 306 0xcbbb9d5dc1059ed8UL, 307 0x629a292a367cd507UL, 308 0x9159015a3070dd17UL, 309 0x152fecd8f70e5939UL, 310 0x67332667ffc00b31UL, 311 0x8eb44a8768581511UL, 312 0xdb0c2e0d64f98fa7UL, 313 0x47b5481dbefa4fa4UL 314}; 315 316/* Initial hash value H for SHA-512: */ 317static const isc_uint64_t sha512_initial_hash_value[8] = { 318 0x6a09e667f3bcc908U, 319 0xbb67ae8584caa73bUL, 320 0x3c6ef372fe94f82bUL, 321 0xa54ff53a5f1d36f1UL, 322 0x510e527fade682d1UL, 323 0x9b05688c2b3e6c1fUL, 324 0x1f83d9abfb41bd6bUL, 325 0x5be0cd19137e2179UL 326}; 327#else 328/* Hash constant words K for SHA-384 and SHA-512: */ 329static const isc_uint64_t K512[80] = { 330 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 331 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 332 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 333 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 334 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 335 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 336 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 337 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 338 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 339 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 340 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 341 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 342 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 343 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 344 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 345 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 346 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 347 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 348 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 349 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 350 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 351 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 352 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 353 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 354 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 355 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 356 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 357 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 358 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 359 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 360 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 361 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 362 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 363 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 364 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 365 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 366 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 367 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 368 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 369 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL 370}; 371 372/* Initial hash value H for SHA-384: */ 373static const isc_uint64_t sha384_initial_hash_value[8] = { 374 0xcbbb9d5dc1059ed8ULL, 375 0x629a292a367cd507ULL, 376 0x9159015a3070dd17ULL, 377 0x152fecd8f70e5939ULL, 378 0x67332667ffc00b31ULL, 379 0x8eb44a8768581511ULL, 380 0xdb0c2e0d64f98fa7ULL, 381 0x47b5481dbefa4fa4ULL 382}; 383 384/* Initial hash value H for SHA-512: */ 385static const isc_uint64_t sha512_initial_hash_value[8] = { 386 0x6a09e667f3bcc908ULL, 387 0xbb67ae8584caa73bULL, 388 0x3c6ef372fe94f82bULL, 389 0xa54ff53a5f1d36f1ULL, 390 0x510e527fade682d1ULL, 391 0x9b05688c2b3e6c1fULL, 392 0x1f83d9abfb41bd6bULL, 393 0x5be0cd19137e2179ULL 394}; 395#endif 396 397/* 398 * Constant used by SHA256/384/512_End() functions for converting the 399 * digest to a readable hexadecimal character string: 400 */ 401static const char *sha2_hex_digits = "0123456789abcdef"; 402 403 404 405/*** SHA-224: *********************************************************/ 406void 407isc_sha224_init(isc_sha224_t *context) { 408 if (context == (isc_sha256_t *)0) { 409 return; 410 } 411 memcpy(context->state, sha224_initial_hash_value, 412 ISC_SHA256_DIGESTLENGTH); 413 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); 414 context->bitcount = 0; 415} 416 417void 418isc_sha224_invalidate(isc_sha224_t *context) { 419 memset(context, 0, sizeof(isc_sha224_t)); 420} 421 422void 423isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { 424 isc_sha256_update((isc_sha256_t *)context, data, len); 425} 426 427void 428isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { 429 isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH]; 430 isc_sha256_final(sha256_digest, (isc_sha256_t *)context); 431 memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH); 432 memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH); 433} 434 435char * 436isc_sha224_end(isc_sha224_t *context, char buffer[]) { 437 isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest; 438 unsigned int i; 439 440 /* Sanity check: */ 441 REQUIRE(context != (isc_sha224_t *)0); 442 443 if (buffer != (char*)0) { 444 isc_sha224_final(digest, context); 445 446 for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) { 447 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 448 *buffer++ = sha2_hex_digits[*d & 0x0f]; 449 d++; 450 } 451 *buffer = (char)0; 452 } else { 453 memset(context, 0, sizeof(context)); 454 } 455 memset(digest, 0, ISC_SHA224_DIGESTLENGTH); 456 return buffer; 457} 458 459char* 460isc_sha224_data(const isc_uint8_t *data, size_t len, 461 char digest[ISC_SHA224_DIGESTSTRINGLENGTH]) 462{ 463 isc_sha224_t context; 464 465 isc_sha224_init(&context); 466 isc_sha224_update(&context, data, len); 467 return (isc_sha224_end(&context, digest)); 468} 469 470/*** SHA-256: *********************************************************/ 471void 472isc_sha256_init(isc_sha256_t *context) { 473 if (context == (isc_sha256_t *)0) { 474 return; 475 } 476 memcpy(context->state, sha256_initial_hash_value, 477 ISC_SHA256_DIGESTLENGTH); 478 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); 479 context->bitcount = 0; 480} 481 482#ifdef ISC_SHA2_UNROLL_TRANSFORM 483 484/* Unrolled SHA-256 round macros: */ 485 486#if BYTE_ORDER == LITTLE_ENDIAN 487 488#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 489 REVERSE32(*data++, W256[j]); \ 490 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 491 K256[j] + W256[j]; \ 492 (d) += T1; \ 493 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 494 j++ 495 496 497#else /* BYTE_ORDER == LITTLE_ENDIAN */ 498 499#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 500 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 501 K256[j] + (W256[j] = *data++); \ 502 (d) += T1; \ 503 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 504 j++ 505 506#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 507 508#define ROUND256(a,b,c,d,e,f,g,h) \ 509 s0 = W256[(j+1)&0x0f]; \ 510 s0 = sigma0_256(s0); \ 511 s1 = W256[(j+14)&0x0f]; \ 512 s1 = sigma1_256(s1); \ 513 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ 514 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ 515 (d) += T1; \ 516 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 517 j++ 518 519void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { 520 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; 521 isc_uint32_t T1, *W256; 522 int j; 523 524 W256 = (isc_uint32_t*)context->buffer; 525 526 /* Initialize registers with the prev. intermediate value */ 527 a = context->state[0]; 528 b = context->state[1]; 529 c = context->state[2]; 530 d = context->state[3]; 531 e = context->state[4]; 532 f = context->state[5]; 533 g = context->state[6]; 534 h = context->state[7]; 535 536 j = 0; 537 do { 538 /* Rounds 0 to 15 (unrolled): */ 539 ROUND256_0_TO_15(a,b,c,d,e,f,g,h); 540 ROUND256_0_TO_15(h,a,b,c,d,e,f,g); 541 ROUND256_0_TO_15(g,h,a,b,c,d,e,f); 542 ROUND256_0_TO_15(f,g,h,a,b,c,d,e); 543 ROUND256_0_TO_15(e,f,g,h,a,b,c,d); 544 ROUND256_0_TO_15(d,e,f,g,h,a,b,c); 545 ROUND256_0_TO_15(c,d,e,f,g,h,a,b); 546 ROUND256_0_TO_15(b,c,d,e,f,g,h,a); 547 } while (j < 16); 548 549 /* Now for the remaining rounds to 64: */ 550 do { 551 ROUND256(a,b,c,d,e,f,g,h); 552 ROUND256(h,a,b,c,d,e,f,g); 553 ROUND256(g,h,a,b,c,d,e,f); 554 ROUND256(f,g,h,a,b,c,d,e); 555 ROUND256(e,f,g,h,a,b,c,d); 556 ROUND256(d,e,f,g,h,a,b,c); 557 ROUND256(c,d,e,f,g,h,a,b); 558 ROUND256(b,c,d,e,f,g,h,a); 559 } while (j < 64); 560 561 /* Compute the current intermediate hash value */ 562 context->state[0] += a; 563 context->state[1] += b; 564 context->state[2] += c; 565 context->state[3] += d; 566 context->state[4] += e; 567 context->state[5] += f; 568 context->state[6] += g; 569 context->state[7] += h; 570 571 /* Clean up */ 572 a = b = c = d = e = f = g = h = T1 = 0; 573} 574 575#else /* ISC_SHA2_UNROLL_TRANSFORM */ 576 577void 578isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { 579 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; 580 isc_uint32_t T1, T2, *W256; 581 int j; 582 583 W256 = (isc_uint32_t*)context->buffer; 584 585 /* Initialize registers with the prev. intermediate value */ 586 a = context->state[0]; 587 b = context->state[1]; 588 c = context->state[2]; 589 d = context->state[3]; 590 e = context->state[4]; 591 f = context->state[5]; 592 g = context->state[6]; 593 h = context->state[7]; 594 595 j = 0; 596 do { 597#if BYTE_ORDER == LITTLE_ENDIAN 598 /* Copy data while converting to host byte order */ 599 REVERSE32(*data++,W256[j]); 600 /* Apply the SHA-256 compression function to update a..h */ 601 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; 602#else /* BYTE_ORDER == LITTLE_ENDIAN */ 603 /* Apply the SHA-256 compression function to update a..h with copy */ 604 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); 605#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 606 T2 = Sigma0_256(a) + Maj(a, b, c); 607 h = g; 608 g = f; 609 f = e; 610 e = d + T1; 611 d = c; 612 c = b; 613 b = a; 614 a = T1 + T2; 615 616 j++; 617 } while (j < 16); 618 619 do { 620 /* Part of the message block expansion: */ 621 s0 = W256[(j+1)&0x0f]; 622 s0 = sigma0_256(s0); 623 s1 = W256[(j+14)&0x0f]; 624 s1 = sigma1_256(s1); 625 626 /* Apply the SHA-256 compression function to update a..h */ 627 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 628 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); 629 T2 = Sigma0_256(a) + Maj(a, b, c); 630 h = g; 631 g = f; 632 f = e; 633 e = d + T1; 634 d = c; 635 c = b; 636 b = a; 637 a = T1 + T2; 638 639 j++; 640 } while (j < 64); 641 642 /* Compute the current intermediate hash value */ 643 context->state[0] += a; 644 context->state[1] += b; 645 context->state[2] += c; 646 context->state[3] += d; 647 context->state[4] += e; 648 context->state[5] += f; 649 context->state[6] += g; 650 context->state[7] += h; 651 652 /* Clean up */ 653 a = b = c = d = e = f = g = h = T1 = T2 = 0; 654} 655 656#endif /* ISC_SHA2_UNROLL_TRANSFORM */ 657 658void 659isc_sha256_invalidate(isc_sha256_t *context) { 660 memset(context, 0, sizeof(isc_sha256_t)); 661} 662 663void 664isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { 665 unsigned int freespace, usedspace; 666 667 if (len == 0U) { 668 /* Calling with no data is valid - we do nothing */ 669 return; 670 } 671 672 /* Sanity check: */ 673 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0); 674 675 usedspace = (unsigned int)((context->bitcount >> 3) % 676 ISC_SHA256_BLOCK_LENGTH); 677 if (usedspace > 0) { 678 /* Calculate how much free space is available in the buffer */ 679 freespace = ISC_SHA256_BLOCK_LENGTH - usedspace; 680 681 if (len >= freespace) { 682 /* Fill the buffer completely and process it */ 683 memcpy(&context->buffer[usedspace], data, freespace); 684 context->bitcount += freespace << 3; 685 len -= freespace; 686 data += freespace; 687 isc_sha256_transform(context, 688 (isc_uint32_t*)context->buffer); 689 } else { 690 /* The buffer is not yet full */ 691 memcpy(&context->buffer[usedspace], data, len); 692 context->bitcount += len << 3; 693 /* Clean up: */ 694 usedspace = freespace = 0; 695 return; 696 } 697 } 698 while (len >= ISC_SHA256_BLOCK_LENGTH) { 699 /* Process as many complete blocks as we can */ 700 memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH); 701 isc_sha256_transform(context, (isc_uint32_t*)context->buffer); 702 context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3; 703 len -= ISC_SHA256_BLOCK_LENGTH; 704 data += ISC_SHA256_BLOCK_LENGTH; 705 } 706 if (len > 0U) { 707 /* There's left-overs, so save 'em */ 708 memcpy(context->buffer, data, len); 709 context->bitcount += len << 3; 710 } 711 /* Clean up: */ 712 usedspace = freespace = 0; 713} 714 715void 716isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { 717 isc_uint32_t *d = (isc_uint32_t*)digest; 718 unsigned int usedspace; 719 720 /* Sanity check: */ 721 REQUIRE(context != (isc_sha256_t *)0); 722 723 /* If no digest buffer is passed, we don't bother doing this: */ 724 if (digest != (isc_uint8_t*)0) { 725 usedspace = (unsigned int)((context->bitcount >> 3) % 726 ISC_SHA256_BLOCK_LENGTH); 727#if BYTE_ORDER == LITTLE_ENDIAN 728 /* Convert FROM host byte order */ 729 REVERSE64(context->bitcount,context->bitcount); 730#endif 731 if (usedspace > 0) { 732 /* Begin padding with a 1 bit: */ 733 context->buffer[usedspace++] = 0x80; 734 735 if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) { 736 /* Set-up for the last transform: */ 737 memset(&context->buffer[usedspace], 0, 738 ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace); 739 } else { 740 if (usedspace < ISC_SHA256_BLOCK_LENGTH) { 741 memset(&context->buffer[usedspace], 0, 742 ISC_SHA256_BLOCK_LENGTH - 743 usedspace); 744 } 745 /* Do second-to-last transform: */ 746 isc_sha256_transform(context, 747 (isc_uint32_t*)context->buffer); 748 749 /* And set-up for the last transform: */ 750 memset(context->buffer, 0, 751 ISC_SHA256_SHORT_BLOCK_LENGTH); 752 } 753 } else { 754 /* Set-up for the last transform: */ 755 memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH); 756 757 /* Begin padding with a 1 bit: */ 758 *context->buffer = 0x80; 759 } 760 /* Set the bit count: */ 761 *(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount; 762 763 /* Final transform: */ 764 isc_sha256_transform(context, (isc_uint32_t*)context->buffer); 765 766#if BYTE_ORDER == LITTLE_ENDIAN 767 { 768 /* Convert TO host byte order */ 769 int j; 770 for (j = 0; j < 8; j++) { 771 REVERSE32(context->state[j],context->state[j]); 772 *d++ = context->state[j]; 773 } 774 } 775#else 776 memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH); 777#endif 778 } 779 780 /* Clean up state data: */ 781 memset(context, 0, sizeof(context)); 782 usedspace = 0; 783} 784 785char * 786isc_sha256_end(isc_sha256_t *context, char buffer[]) { 787 isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest; 788 unsigned int i; 789 790 /* Sanity check: */ 791 REQUIRE(context != (isc_sha256_t *)0); 792 793 if (buffer != (char*)0) { 794 isc_sha256_final(digest, context); 795 796 for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) { 797 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 798 *buffer++ = sha2_hex_digits[*d & 0x0f]; 799 d++; 800 } 801 *buffer = (char)0; 802 } else { 803 memset(context, 0, sizeof(context)); 804 } 805 memset(digest, 0, ISC_SHA256_DIGESTLENGTH); 806 return buffer; 807} 808 809char * 810isc_sha256_data(const isc_uint8_t* data, size_t len, 811 char digest[ISC_SHA256_DIGESTSTRINGLENGTH]) 812{ 813 isc_sha256_t context; 814 815 isc_sha256_init(&context); 816 isc_sha256_update(&context, data, len); 817 return (isc_sha256_end(&context, digest)); 818} 819 820 821/*** SHA-512: *********************************************************/ 822void 823isc_sha512_init(isc_sha512_t *context) { 824 if (context == (isc_sha512_t *)0) { 825 return; 826 } 827 memcpy(context->state, sha512_initial_hash_value, 828 ISC_SHA512_DIGESTLENGTH); 829 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH); 830 context->bitcount[0] = context->bitcount[1] = 0; 831} 832 833#ifdef ISC_SHA2_UNROLL_TRANSFORM 834 835/* Unrolled SHA-512 round macros: */ 836#if BYTE_ORDER == LITTLE_ENDIAN 837 838#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 839 REVERSE64(*data++, W512[j]); \ 840 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 841 K512[j] + W512[j]; \ 842 (d) += T1, \ 843 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ 844 j++ 845 846 847#else /* BYTE_ORDER == LITTLE_ENDIAN */ 848 849#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 850 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 851 K512[j] + (W512[j] = *data++); \ 852 (d) += T1; \ 853 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 854 j++ 855 856#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 857 858#define ROUND512(a,b,c,d,e,f,g,h) \ 859 s0 = W512[(j+1)&0x0f]; \ 860 s0 = sigma0_512(s0); \ 861 s1 = W512[(j+14)&0x0f]; \ 862 s1 = sigma1_512(s1); \ 863 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ 864 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ 865 (d) += T1; \ 866 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 867 j++ 868 869void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { 870 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; 871 isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer; 872 int j; 873 874 /* Initialize registers with the prev. intermediate value */ 875 a = context->state[0]; 876 b = context->state[1]; 877 c = context->state[2]; 878 d = context->state[3]; 879 e = context->state[4]; 880 f = context->state[5]; 881 g = context->state[6]; 882 h = context->state[7]; 883 884 j = 0; 885 do { 886 ROUND512_0_TO_15(a,b,c,d,e,f,g,h); 887 ROUND512_0_TO_15(h,a,b,c,d,e,f,g); 888 ROUND512_0_TO_15(g,h,a,b,c,d,e,f); 889 ROUND512_0_TO_15(f,g,h,a,b,c,d,e); 890 ROUND512_0_TO_15(e,f,g,h,a,b,c,d); 891 ROUND512_0_TO_15(d,e,f,g,h,a,b,c); 892 ROUND512_0_TO_15(c,d,e,f,g,h,a,b); 893 ROUND512_0_TO_15(b,c,d,e,f,g,h,a); 894 } while (j < 16); 895 896 /* Now for the remaining rounds up to 79: */ 897 do { 898 ROUND512(a,b,c,d,e,f,g,h); 899 ROUND512(h,a,b,c,d,e,f,g); 900 ROUND512(g,h,a,b,c,d,e,f); 901 ROUND512(f,g,h,a,b,c,d,e); 902 ROUND512(e,f,g,h,a,b,c,d); 903 ROUND512(d,e,f,g,h,a,b,c); 904 ROUND512(c,d,e,f,g,h,a,b); 905 ROUND512(b,c,d,e,f,g,h,a); 906 } while (j < 80); 907 908 /* Compute the current intermediate hash value */ 909 context->state[0] += a; 910 context->state[1] += b; 911 context->state[2] += c; 912 context->state[3] += d; 913 context->state[4] += e; 914 context->state[5] += f; 915 context->state[6] += g; 916 context->state[7] += h; 917 918 /* Clean up */ 919 a = b = c = d = e = f = g = h = T1 = 0; 920} 921 922#else /* ISC_SHA2_UNROLL_TRANSFORM */ 923 924void 925isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { 926 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; 927 isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer; 928 int j; 929 930 /* Initialize registers with the prev. intermediate value */ 931 a = context->state[0]; 932 b = context->state[1]; 933 c = context->state[2]; 934 d = context->state[3]; 935 e = context->state[4]; 936 f = context->state[5]; 937 g = context->state[6]; 938 h = context->state[7]; 939 940 j = 0; 941 do { 942#if BYTE_ORDER == LITTLE_ENDIAN 943 /* Convert TO host byte order */ 944 REVERSE64(*data++, W512[j]); 945 /* Apply the SHA-512 compression function to update a..h */ 946 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; 947#else /* BYTE_ORDER == LITTLE_ENDIAN */ 948 /* Apply the SHA-512 compression function to update a..h with copy */ 949 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); 950#endif /* BYTE_ORDER == LITTLE_ENDIAN */ 951 T2 = Sigma0_512(a) + Maj(a, b, c); 952 h = g; 953 g = f; 954 f = e; 955 e = d + T1; 956 d = c; 957 c = b; 958 b = a; 959 a = T1 + T2; 960 961 j++; 962 } while (j < 16); 963 964 do { 965 /* Part of the message block expansion: */ 966 s0 = W512[(j+1)&0x0f]; 967 s0 = sigma0_512(s0); 968 s1 = W512[(j+14)&0x0f]; 969 s1 = sigma1_512(s1); 970 971 /* Apply the SHA-512 compression function to update a..h */ 972 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + 973 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); 974 T2 = Sigma0_512(a) + Maj(a, b, c); 975 h = g; 976 g = f; 977 f = e; 978 e = d + T1; 979 d = c; 980 c = b; 981 b = a; 982 a = T1 + T2; 983 984 j++; 985 } while (j < 80); 986 987 /* Compute the current intermediate hash value */ 988 context->state[0] += a; 989 context->state[1] += b; 990 context->state[2] += c; 991 context->state[3] += d; 992 context->state[4] += e; 993 context->state[5] += f; 994 context->state[6] += g; 995 context->state[7] += h; 996 997 /* Clean up */ 998 a = b = c = d = e = f = g = h = T1 = T2 = 0; 999} 1000 1001#endif /* ISC_SHA2_UNROLL_TRANSFORM */ 1002 1003void 1004isc_sha512_invalidate(isc_sha512_t *context) { 1005 memset(context, 0, sizeof(isc_sha512_t)); 1006} 1007 1008void 1009isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) { 1010 unsigned int freespace, usedspace; 1011 1012 if (len == 0U) { 1013 /* Calling with no data is valid - we do nothing */ 1014 return; 1015 } 1016 1017 /* Sanity check: */ 1018 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); 1019 1020 usedspace = (unsigned int)((context->bitcount[0] >> 3) % 1021 ISC_SHA512_BLOCK_LENGTH); 1022 if (usedspace > 0) { 1023 /* Calculate how much free space is available in the buffer */ 1024 freespace = ISC_SHA512_BLOCK_LENGTH - usedspace; 1025 1026 if (len >= freespace) { 1027 /* Fill the buffer completely and process it */ 1028 memcpy(&context->buffer[usedspace], data, freespace); 1029 ADDINC128(context->bitcount, freespace << 3); 1030 len -= freespace; 1031 data += freespace; 1032 isc_sha512_transform(context, 1033 (isc_uint64_t*)context->buffer); 1034 } else { 1035 /* The buffer is not yet full */ 1036 memcpy(&context->buffer[usedspace], data, len); 1037 ADDINC128(context->bitcount, len << 3); 1038 /* Clean up: */ 1039 usedspace = freespace = 0; 1040 return; 1041 } 1042 } 1043 while (len >= ISC_SHA512_BLOCK_LENGTH) { 1044 /* Process as many complete blocks as we can */ 1045 memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH); 1046 isc_sha512_transform(context, (isc_uint64_t*)context->buffer); 1047 ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3); 1048 len -= ISC_SHA512_BLOCK_LENGTH; 1049 data += ISC_SHA512_BLOCK_LENGTH; 1050 } 1051 if (len > 0U) { 1052 /* There's left-overs, so save 'em */ 1053 memcpy(context->buffer, data, len); 1054 ADDINC128(context->bitcount, len << 3); 1055 } 1056 /* Clean up: */ 1057 usedspace = freespace = 0; 1058} 1059 1060void isc_sha512_last(isc_sha512_t *context) { 1061 unsigned int usedspace; 1062 1063 usedspace = (unsigned int)((context->bitcount[0] >> 3) % 1064 ISC_SHA512_BLOCK_LENGTH); 1065#if BYTE_ORDER == LITTLE_ENDIAN 1066 /* Convert FROM host byte order */ 1067 REVERSE64(context->bitcount[0],context->bitcount[0]); 1068 REVERSE64(context->bitcount[1],context->bitcount[1]); 1069#endif 1070 if (usedspace > 0) { 1071 /* Begin padding with a 1 bit: */ 1072 context->buffer[usedspace++] = 0x80; 1073 1074 if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) { 1075 /* Set-up for the last transform: */ 1076 memset(&context->buffer[usedspace], 0, 1077 ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace); 1078 } else { 1079 if (usedspace < ISC_SHA512_BLOCK_LENGTH) { 1080 memset(&context->buffer[usedspace], 0, 1081 ISC_SHA512_BLOCK_LENGTH - usedspace); 1082 } 1083 /* Do second-to-last transform: */ 1084 isc_sha512_transform(context, 1085 (isc_uint64_t*)context->buffer); 1086 1087 /* And set-up for the last transform: */ 1088 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2); 1089 } 1090 } else { 1091 /* Prepare for final transform: */ 1092 memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH); 1093 1094 /* Begin padding with a 1 bit: */ 1095 *context->buffer = 0x80; 1096 } 1097 /* Store the length of input data (in bits): */ 1098 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; 1099 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; 1100 1101 /* Final transform: */ 1102 isc_sha512_transform(context, (isc_uint64_t*)context->buffer); 1103} 1104 1105void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { 1106 isc_uint64_t *d = (isc_uint64_t*)digest; 1107 1108 /* Sanity check: */ 1109 REQUIRE(context != (isc_sha512_t *)0); 1110 1111 /* If no digest buffer is passed, we don't bother doing this: */ 1112 if (digest != (isc_uint8_t*)0) { 1113 isc_sha512_last(context); 1114 1115 /* Save the hash data for output: */ 1116#if BYTE_ORDER == LITTLE_ENDIAN 1117 { 1118 /* Convert TO host byte order */ 1119 int j; 1120 for (j = 0; j < 8; j++) { 1121 REVERSE64(context->state[j],context->state[j]); 1122 *d++ = context->state[j]; 1123 } 1124 } 1125#else 1126 memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH); 1127#endif 1128 } 1129 1130 /* Zero out state data */ 1131 memset(context, 0, sizeof(context)); 1132} 1133 1134char * 1135isc_sha512_end(isc_sha512_t *context, char buffer[]) { 1136 isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest; 1137 unsigned int i; 1138 1139 /* Sanity check: */ 1140 REQUIRE(context != (isc_sha512_t *)0); 1141 1142 if (buffer != (char*)0) { 1143 isc_sha512_final(digest, context); 1144 1145 for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) { 1146 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1147 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1148 d++; 1149 } 1150 *buffer = (char)0; 1151 } else { 1152 memset(context, 0, sizeof(context)); 1153 } 1154 memset(digest, 0, ISC_SHA512_DIGESTLENGTH); 1155 return buffer; 1156} 1157 1158char * 1159isc_sha512_data(const isc_uint8_t *data, size_t len, 1160 char digest[ISC_SHA512_DIGESTSTRINGLENGTH]) 1161{ 1162 isc_sha512_t context; 1163 1164 isc_sha512_init(&context); 1165 isc_sha512_update(&context, data, len); 1166 return (isc_sha512_end(&context, digest)); 1167} 1168 1169 1170/*** SHA-384: *********************************************************/ 1171void 1172isc_sha384_init(isc_sha384_t *context) { 1173 if (context == (isc_sha384_t *)0) { 1174 return; 1175 } 1176 memcpy(context->state, sha384_initial_hash_value, 1177 ISC_SHA512_DIGESTLENGTH); 1178 memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH); 1179 context->bitcount[0] = context->bitcount[1] = 0; 1180} 1181 1182void 1183isc_sha384_invalidate(isc_sha384_t *context) { 1184 memset(context, 0, sizeof(isc_sha384_t)); 1185} 1186 1187void 1188isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) { 1189 isc_sha512_update((isc_sha512_t *)context, data, len); 1190} 1191 1192void 1193isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { 1194 isc_uint64_t *d = (isc_uint64_t*)digest; 1195 1196 /* Sanity check: */ 1197 REQUIRE(context != (isc_sha384_t *)0); 1198 1199 /* If no digest buffer is passed, we don't bother doing this: */ 1200 if (digest != (isc_uint8_t*)0) { 1201 isc_sha512_last((isc_sha512_t *)context); 1202 1203 /* Save the hash data for output: */ 1204#if BYTE_ORDER == LITTLE_ENDIAN 1205 { 1206 /* Convert TO host byte order */ 1207 int j; 1208 for (j = 0; j < 6; j++) { 1209 REVERSE64(context->state[j],context->state[j]); 1210 *d++ = context->state[j]; 1211 } 1212 } 1213#else 1214 memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH); 1215#endif 1216 } 1217 1218 /* Zero out state data */ 1219 memset(context, 0, sizeof(context)); 1220} 1221 1222char * 1223isc_sha384_end(isc_sha384_t *context, char buffer[]) { 1224 isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest; 1225 unsigned int i; 1226 1227 /* Sanity check: */ 1228 REQUIRE(context != (isc_sha384_t *)0); 1229 1230 if (buffer != (char*)0) { 1231 isc_sha384_final(digest, context); 1232 1233 for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) { 1234 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1235 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1236 d++; 1237 } 1238 *buffer = (char)0; 1239 } else { 1240 memset(context, 0, sizeof(context)); 1241 } 1242 memset(digest, 0, ISC_SHA384_DIGESTLENGTH); 1243 return buffer; 1244} 1245 1246char* 1247isc_sha384_data(const isc_uint8_t *data, size_t len, 1248 char digest[ISC_SHA384_DIGESTSTRINGLENGTH]) 1249{ 1250 isc_sha384_t context; 1251 1252 isc_sha384_init(&context); 1253 isc_sha384_update(&context, data, len); 1254 return (isc_sha384_end(&context, digest)); 1255} 1256