1 #pragma prototyped 2 3 #if _typ_int64_t 4 5 /* 6 * Aaron D. Gifford's SHA {256,384,512} code transcribed into a -lsum method 7 * with bitcount[] order reversed to allow a single noalias buffer copy 8 */ 9 10 /* 11 * Copyright (c) 2000-2001, Aaron D. Gifford 12 * All rights reserved. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions 16 * are met: 17 * 1. Redistributions of source code must retain the above copyright 18 * notice, this list of conditions and the following disclaimer. 19 * 2. Redistributions in binary form must reproduce the above copyright 20 * notice, this list of conditions and the following disclaimer in the 21 * documentation and/or other materials provided with the distribution. 22 * 3. Neither the name of the copyright holder nor the names of contributors 23 * may be used to endorse or promote products derived from this software 24 * without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND 27 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 28 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 29 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE 30 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 31 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 32 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 33 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 34 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 35 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 36 * SUCH DAMAGE. 37 */ 38 39 /* 40 * ASSERT NOTE: 41 * Some sanity checking code is included using assert(). On my FreeBSD 42 * system, this additional code can be removed by compiling with NDEBUG 43 * defined. Check your own systems manpage on assert() to see how to 44 * compile WITHOUT the sanity checking code on your system. 45 * 46 * UNROLLED TRANSFORM LOOP NOTE: 47 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform 48 * loop version for the hash transform rounds (defined using macros 49 * later in this file). Either define on the command line, for example: 50 * 51 * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c 52 * 53 * or define below: 54 * 55 * #define SHA2_UNROLL_TRANSFORM 56 * 57 */ 58 59 /*** SHA-256/384/512 Machine Architecture Definitions *****************/ 60 61 #if _PACKAGE_ast 62 63 #ifndef __USE_BSD 64 #define __undef__USE_BSD 65 #define __USE_BSD 66 #endif 67 #include <endian.h> 68 #ifdef __undef__USE_BSD 69 #undef __undef__USE_BSD 70 #undef __USE_BSD 71 #endif 72 73 typedef uint8_t sha2_byte; /* Exactly 1 byte */ 74 typedef uint32_t sha2_word32; /* Exactly 4 bytes */ 75 typedef uint64_t sha2_word64; /* Exactly 8 bytes */ 76 77 #define assert(x) 78 79 #undef R 80 #undef S32 81 #undef S64 82 83 #else /* _PACKAGE_ast */ 84 85 /* 86 * BYTE_ORDER NOTE: 87 * 88 * Please make sure that your system defines BYTE_ORDER. If your 89 * architecture is little-endian, make sure it also defines 90 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are 91 * equivilent. 92 * 93 * If your system does not define the above, then you can do so by 94 * hand like this: 95 * 96 * #define LITTLE_ENDIAN 1234 97 * #define BIG_ENDIAN 4321 98 * 99 * And for little-endian machines, add: 100 * 101 * #define BYTE_ORDER LITTLE_ENDIAN 102 * 103 * Or for big-endian machines: 104 * 105 * #define BYTE_ORDER BIG_ENDIAN 106 * 107 * The FreeBSD machine this was written on defines BYTE_ORDER 108 * appropriately by including <sys/types.h> (which in turn includes 109 * <machine/endian.h> where the appropriate definitions are actually 110 * made). 111 */ 112 113 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 114 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 115 #endif 116 117 /* 118 * Define the following sha2_* types to types of the correct length on 119 * the native archtecture. Most BSD systems and Linux define u_intXX_t 120 * types. Machines with very recent ANSI C headers, can use the 121 * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H 122 * during compile or in the sha.h header file. 123 * 124 * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t 125 * will need to define these three typedefs below (and the appropriate 126 * ones in sha.h too) by hand according to their system architecture. 127 * 128 * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t 129 * types and pointing out recent ANSI C support for uintXX_t in inttypes.h. 130 */ 131 132 #ifdef SHA2_USE_INTTYPES_H 133 134 typedef uint8_t sha2_byte; /* Exactly 1 byte */ 135 typedef uint32_t sha2_word32; /* Exactly 4 bytes */ 136 typedef uint64_t sha2_word64; /* Exactly 8 bytes */ 137 138 #else /* SHA2_USE_INTTYPES_H */ 139 140 typedef u_int8_t sha2_byte; /* Exactly 1 byte */ 141 typedef u_int32_t sha2_word32; /* Exactly 4 bytes */ 142 typedef u_int64_t sha2_word64; /* Exactly 8 bytes */ 143 144 #endif /* SHA2_USE_INTTYPES_H */ 145 146 #endif /* _PACKAGE_ast */ 147 148 /*** SHA-256/384/512 Various Length Definitions ***********************/ 149 150 #define SHA256_BLOCK_LENGTH 64 151 #define SHA256_DIGEST_LENGTH 32 152 #define SHA384_BLOCK_LENGTH 128 153 #define SHA384_DIGEST_LENGTH 48 154 #define SHA512_BLOCK_LENGTH 128 155 #define SHA512_DIGEST_LENGTH 64 156 157 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) 158 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) 159 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) 160 161 /*** ENDIAN REVERSAL MACROS *******************************************/ 162 #if BYTE_ORDER == LITTLE_ENDIAN 163 #define REVERSE32(w,x) { \ 164 sha2_word32 tmp = (w); \ 165 tmp = (tmp >> 16) | (tmp << 16); \ 166 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ 167 } 168 #if _ast_LL 169 #define REVERSE64(w,x) { \ 170 sha2_word64 tmp = (w); \ 171 tmp = (tmp >> 32) | (tmp << 32); \ 172 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ 173 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ 174 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ 175 ((tmp & 0x0000ffff0000ffffULL) << 16); \ 176 } 177 #else 178 #define REVERSE64(w,x) { \ 179 sha2_word64 tmp = (w); \ 180 tmp = (tmp >> 32) | (tmp << 32); \ 181 tmp = ((tmp & ((sha2_word64)0xff00ff00ff00ff00)) >> 8) | \ 182 ((tmp & ((sha2_word64)0x00ff00ff00ff00ff)) << 8); \ 183 (x) = ((tmp & ((sha2_word64)0xffff0000ffff0000)) >> 16) | \ 184 ((tmp & ((sha2_word64)0x0000ffff0000ffff)) << 16); \ 185 } 186 #endif 187 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 188 189 /* 190 * Macro for incrementally adding the unsigned 64-bit integer n to the 191 * unsigned 128-bit integer (represented using a two-element array of 192 * 64-bit words): 193 */ 194 195 #define ADDINC128(w,n) { \ 196 (w)[1] += (sha2_word64)(n); \ 197 if ((w)[1] < (n)) { \ 198 (w)[0]++; \ 199 } \ 200 } 201 202 /* 203 * Macros for copying blocks of memory and for zeroing out ranges 204 * of memory. Using these macros makes it easy to switch from 205 * using memset()/memcpy() and using bzero()/bcopy(). 206 * 207 * Please define either SHA2_USE_MEMSET_MEMCPY or define 208 * SHA2_USE_BZERO_BCOPY depending on which function set you 209 * choose to use: 210 */ 211 212 #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY) 213 /* Default to memset()/memcpy() if no option is specified */ 214 #define SHA2_USE_MEMSET_MEMCPY 1 215 #endif 216 #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY) 217 /* Abort with an error if BOTH options are defined */ 218 #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both! 219 #endif 220 221 #ifdef SHA2_USE_MEMSET_MEMCPY 222 #define MEMSET_BZERO(p,l) memset((p), 0, (l)) 223 #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) 224 #endif 225 #ifdef SHA2_USE_BZERO_BCOPY 226 #define MEMSET_BZERO(p,l) bzero((p), (l)) 227 #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) 228 #endif 229 230 231 /*** THE SIX LOGICAL FUNCTIONS ****************************************/ 232 /* 233 * Bit shifting and rotation (used by the six SHA-XYZ logical functions: 234 * 235 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and 236 * S is a ROTATION) because the SHA-256/384/512 description document 237 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this 238 * same "backwards" definition. 239 */ 240 241 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ 242 #define R(b,x) ((x) >> (b)) 243 /* 32-bit Rotate-right (used in SHA-256): */ 244 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) 245 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ 246 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) 247 248 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ 249 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 250 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 251 252 /* Four of six logical functions used in SHA-256: */ 253 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) 254 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) 255 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) 256 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) 257 258 /* Four of six logical functions used in SHA-384 and SHA-512: */ 259 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) 260 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) 261 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) 262 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) 263 264 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ 265 /* Hash constant words K for SHA-256: */ 266 static const sha2_word32 K256[64] = { 267 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 268 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 269 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 270 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 271 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 272 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 273 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 274 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 275 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 276 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 277 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 278 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 279 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 280 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 281 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 282 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 283 }; 284 285 /* Initial hash value H for SHA-256: */ 286 static const sha2_word32 sha256_initial_hash_value[8] = { 287 0x6a09e667UL, 288 0xbb67ae85UL, 289 0x3c6ef372UL, 290 0xa54ff53aUL, 291 0x510e527fUL, 292 0x9b05688cUL, 293 0x1f83d9abUL, 294 0x5be0cd19UL 295 }; 296 297 /* Hash constant words K for SHA-384 and SHA-512: */ 298 static const sha2_word64 K512[80] = { 299 #if _ast_LL 300 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 301 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 302 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 303 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 304 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 305 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 306 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 307 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 308 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 309 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 310 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 311 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 312 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 313 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 314 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 315 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 316 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 317 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 318 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 319 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 320 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 321 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 322 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 323 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 324 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 325 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 326 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 327 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 328 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 329 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 330 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 331 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 332 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 333 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 334 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 335 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 336 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 337 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 338 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 339 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL 340 #else 341 ((sha2_word64)0x428a2f98d728ae22), ((sha2_word64)0x7137449123ef65cd), 342 ((sha2_word64)0xb5c0fbcfec4d3b2f), ((sha2_word64)0xe9b5dba58189dbbc), 343 ((sha2_word64)0x3956c25bf348b538), ((sha2_word64)0x59f111f1b605d019), 344 ((sha2_word64)0x923f82a4af194f9b), ((sha2_word64)0xab1c5ed5da6d8118), 345 ((sha2_word64)0xd807aa98a3030242), ((sha2_word64)0x12835b0145706fbe), 346 ((sha2_word64)0x243185be4ee4b28c), ((sha2_word64)0x550c7dc3d5ffb4e2), 347 ((sha2_word64)0x72be5d74f27b896f), ((sha2_word64)0x80deb1fe3b1696b1), 348 ((sha2_word64)0x9bdc06a725c71235), ((sha2_word64)0xc19bf174cf692694), 349 ((sha2_word64)0xe49b69c19ef14ad2), ((sha2_word64)0xefbe4786384f25e3), 350 ((sha2_word64)0x0fc19dc68b8cd5b5), ((sha2_word64)0x240ca1cc77ac9c65), 351 ((sha2_word64)0x2de92c6f592b0275), ((sha2_word64)0x4a7484aa6ea6e483), 352 ((sha2_word64)0x5cb0a9dcbd41fbd4), ((sha2_word64)0x76f988da831153b5), 353 ((sha2_word64)0x983e5152ee66dfab), ((sha2_word64)0xa831c66d2db43210), 354 ((sha2_word64)0xb00327c898fb213f), ((sha2_word64)0xbf597fc7beef0ee4), 355 ((sha2_word64)0xc6e00bf33da88fc2), ((sha2_word64)0xd5a79147930aa725), 356 ((sha2_word64)0x06ca6351e003826f), ((sha2_word64)0x142929670a0e6e70), 357 ((sha2_word64)0x27b70a8546d22ffc), ((sha2_word64)0x2e1b21385c26c926), 358 ((sha2_word64)0x4d2c6dfc5ac42aed), ((sha2_word64)0x53380d139d95b3df), 359 ((sha2_word64)0x650a73548baf63de), ((sha2_word64)0x766a0abb3c77b2a8), 360 ((sha2_word64)0x81c2c92e47edaee6), ((sha2_word64)0x92722c851482353b), 361 ((sha2_word64)0xa2bfe8a14cf10364), ((sha2_word64)0xa81a664bbc423001), 362 ((sha2_word64)0xc24b8b70d0f89791), ((sha2_word64)0xc76c51a30654be30), 363 ((sha2_word64)0xd192e819d6ef5218), ((sha2_word64)0xd69906245565a910), 364 ((sha2_word64)0xf40e35855771202a), ((sha2_word64)0x106aa07032bbd1b8), 365 ((sha2_word64)0x19a4c116b8d2d0c8), ((sha2_word64)0x1e376c085141ab53), 366 ((sha2_word64)0x2748774cdf8eeb99), ((sha2_word64)0x34b0bcb5e19b48a8), 367 ((sha2_word64)0x391c0cb3c5c95a63), ((sha2_word64)0x4ed8aa4ae3418acb), 368 ((sha2_word64)0x5b9cca4f7763e373), ((sha2_word64)0x682e6ff3d6b2b8a3), 369 ((sha2_word64)0x748f82ee5defb2fc), ((sha2_word64)0x78a5636f43172f60), 370 ((sha2_word64)0x84c87814a1f0ab72), ((sha2_word64)0x8cc702081a6439ec), 371 ((sha2_word64)0x90befffa23631e28), ((sha2_word64)0xa4506cebde82bde9), 372 ((sha2_word64)0xbef9a3f7b2c67915), ((sha2_word64)0xc67178f2e372532b), 373 ((sha2_word64)0xca273eceea26619c), ((sha2_word64)0xd186b8c721c0c207), 374 ((sha2_word64)0xeada7dd6cde0eb1e), ((sha2_word64)0xf57d4f7fee6ed178), 375 ((sha2_word64)0x06f067aa72176fba), ((sha2_word64)0x0a637dc5a2c898a6), 376 ((sha2_word64)0x113f9804bef90dae), ((sha2_word64)0x1b710b35131c471b), 377 ((sha2_word64)0x28db77f523047d84), ((sha2_word64)0x32caab7b40c72493), 378 ((sha2_word64)0x3c9ebe0a15c9bebc), ((sha2_word64)0x431d67c49c100d4c), 379 ((sha2_word64)0x4cc5d4becb3e42b6), ((sha2_word64)0x597f299cfc657e2a), 380 ((sha2_word64)0x5fcb6fab3ad6faec), ((sha2_word64)0x6c44198c4a475817) 381 #endif 382 }; 383 384 /* Initial hash value H for SHA-384 */ 385 static const sha2_word64 sha384_initial_hash_value[8] = { 386 #if _ast_LL 387 0xcbbb9d5dc1059ed8ULL, 388 0x629a292a367cd507ULL, 389 0x9159015a3070dd17ULL, 390 0x152fecd8f70e5939ULL, 391 0x67332667ffc00b31ULL, 392 0x8eb44a8768581511ULL, 393 0xdb0c2e0d64f98fa7ULL, 394 0x47b5481dbefa4fa4ULL 395 #else 396 ((sha2_word64)0xcbbb9d5dc1059ed8), 397 ((sha2_word64)0x629a292a367cd507), 398 ((sha2_word64)0x9159015a3070dd17), 399 ((sha2_word64)0x152fecd8f70e5939), 400 ((sha2_word64)0x67332667ffc00b31), 401 ((sha2_word64)0x8eb44a8768581511), 402 ((sha2_word64)0xdb0c2e0d64f98fa7), 403 ((sha2_word64)0x47b5481dbefa4fa4) 404 #endif 405 }; 406 407 /* Initial hash value H for SHA-512 */ 408 static const sha2_word64 sha512_initial_hash_value[8] = { 409 #if _ast_LL 410 0x6a09e667f3bcc908ULL, 411 0xbb67ae8584caa73bULL, 412 0x3c6ef372fe94f82bULL, 413 0xa54ff53a5f1d36f1ULL, 414 0x510e527fade682d1ULL, 415 0x9b05688c2b3e6c1fULL, 416 0x1f83d9abfb41bd6bULL, 417 0x5be0cd19137e2179ULL 418 #else 419 ((sha2_word64)0x6a09e667f3bcc908), 420 ((sha2_word64)0xbb67ae8584caa73b), 421 ((sha2_word64)0x3c6ef372fe94f82b), 422 ((sha2_word64)0xa54ff53a5f1d36f1), 423 ((sha2_word64)0x510e527fade682d1), 424 ((sha2_word64)0x9b05688c2b3e6c1f), 425 ((sha2_word64)0x1f83d9abfb41bd6b), 426 ((sha2_word64)0x5be0cd19137e2179) 427 #endif 428 }; 429 430 /*** SHA-256: *********************************************************/ 431 432 #define sha256_description "FIPS SHA-256 secure hash algorithm." 433 #define sha256_options "\ 434 [+(version)?sha-256 (FIPS) 2000-01-01]\ 435 [+(author)?Aaron D. Gifford]\ 436 " 437 #define sha256_match "sha256|sha-256|SHA256|SHA-256" 438 #define sha256_scale 0 439 440 #define sha256_padding md5_pad 441 442 #define SHA256_CTX Sha256_t 443 444 typedef struct Sha256_s 445 { 446 _SUM_PUBLIC_ 447 _SUM_PRIVATE_ 448 sha2_byte digest[SHA256_DIGEST_LENGTH]; 449 sha2_byte digest_sum[SHA256_DIGEST_LENGTH]; 450 sha2_word32 state[8]; 451 sha2_word64 bitcount; 452 sha2_byte buffer[SHA256_BLOCK_LENGTH]; 453 } Sha256_t; 454 455 #ifdef SHA2_UNROLL_TRANSFORM 456 457 /* Unrolled SHA-256 round macros: */ 458 459 #if BYTE_ORDER == LITTLE_ENDIAN 460 461 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 462 REVERSE32(*data++, W256[j]); \ 463 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 464 K256[j] + W256[j]; \ 465 (d) += T1; \ 466 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 467 j++ 468 469 470 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 471 472 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 473 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 474 K256[j] + (W256[j] = *data++); \ 475 (d) += T1; \ 476 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 477 j++ 478 479 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 480 481 #define ROUND256(a,b,c,d,e,f,g,h) \ 482 s0 = W256[(j+1)&0x0f]; \ 483 s0 = sigma0_256(s0); \ 484 s1 = W256[(j+14)&0x0f]; \ 485 s1 = sigma1_256(s1); \ 486 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ 487 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ 488 (d) += T1; \ 489 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 490 j++ 491 492 static void SHA256_Transform(SHA256_CTX* sha, const sha2_word32* data) { 493 sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 494 sha2_word32 T1, *W256; 495 int j; 496 497 W256 = (sha2_word32*)sha->buffer; 498 499 /* Initialize registers with the prev. intermediate value */ 500 a = sha->state[0]; 501 b = sha->state[1]; 502 c = sha->state[2]; 503 d = sha->state[3]; 504 e = sha->state[4]; 505 f = sha->state[5]; 506 g = sha->state[6]; 507 h = sha->state[7]; 508 509 j = 0; 510 do { 511 /* Rounds 0 to 15 (unrolled): */ 512 ROUND256_0_TO_15(a,b,c,d,e,f,g,h); 513 ROUND256_0_TO_15(h,a,b,c,d,e,f,g); 514 ROUND256_0_TO_15(g,h,a,b,c,d,e,f); 515 ROUND256_0_TO_15(f,g,h,a,b,c,d,e); 516 ROUND256_0_TO_15(e,f,g,h,a,b,c,d); 517 ROUND256_0_TO_15(d,e,f,g,h,a,b,c); 518 ROUND256_0_TO_15(c,d,e,f,g,h,a,b); 519 ROUND256_0_TO_15(b,c,d,e,f,g,h,a); 520 } while (j < 16); 521 522 /* Now for the remaining rounds to 64: */ 523 do { 524 ROUND256(a,b,c,d,e,f,g,h); 525 ROUND256(h,a,b,c,d,e,f,g); 526 ROUND256(g,h,a,b,c,d,e,f); 527 ROUND256(f,g,h,a,b,c,d,e); 528 ROUND256(e,f,g,h,a,b,c,d); 529 ROUND256(d,e,f,g,h,a,b,c); 530 ROUND256(c,d,e,f,g,h,a,b); 531 ROUND256(b,c,d,e,f,g,h,a); 532 } while (j < 64); 533 534 /* Compute the current intermediate hash value */ 535 sha->state[0] += a; 536 sha->state[1] += b; 537 sha->state[2] += c; 538 sha->state[3] += d; 539 sha->state[4] += e; 540 sha->state[5] += f; 541 sha->state[6] += g; 542 sha->state[7] += h; 543 544 /* Clean up */ 545 a = b = c = d = e = f = g = h = T1 = 0; 546 } 547 548 #else /* SHA2_UNROLL_TRANSFORM */ 549 550 static void SHA256_Transform(SHA256_CTX* sha, const sha2_word32* data) { 551 sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 552 sha2_word32 T1, T2, *W256; 553 int j; 554 555 W256 = (sha2_word32*)sha->buffer; 556 557 /* Initialize registers with the prev. intermediate value */ 558 a = sha->state[0]; 559 b = sha->state[1]; 560 c = sha->state[2]; 561 d = sha->state[3]; 562 e = sha->state[4]; 563 f = sha->state[5]; 564 g = sha->state[6]; 565 h = sha->state[7]; 566 567 j = 0; 568 do { 569 #if BYTE_ORDER == LITTLE_ENDIAN 570 /* Copy data while converting to host byte order */ 571 REVERSE32(*data++,W256[j]); 572 /* Apply the SHA-256 compression function to update a..h */ 573 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; 574 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 575 /* Apply the SHA-256 compression function to update a..h with copy */ 576 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); 577 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 578 T2 = Sigma0_256(a) + Maj(a, b, c); 579 h = g; 580 g = f; 581 f = e; 582 e = d + T1; 583 d = c; 584 c = b; 585 b = a; 586 a = T1 + T2; 587 588 j++; 589 } while (j < 16); 590 591 do { 592 /* Part of the message block expansion: */ 593 s0 = W256[(j+1)&0x0f]; 594 s0 = sigma0_256(s0); 595 s1 = W256[(j+14)&0x0f]; 596 s1 = sigma1_256(s1); 597 598 /* Apply the SHA-256 compression function to update a..h */ 599 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 600 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); 601 T2 = Sigma0_256(a) + Maj(a, b, c); 602 h = g; 603 g = f; 604 f = e; 605 e = d + T1; 606 d = c; 607 c = b; 608 b = a; 609 a = T1 + T2; 610 611 j++; 612 } while (j < 64); 613 614 /* Compute the current intermediate hash value */ 615 sha->state[0] += a; 616 sha->state[1] += b; 617 sha->state[2] += c; 618 sha->state[3] += d; 619 sha->state[4] += e; 620 sha->state[5] += f; 621 sha->state[6] += g; 622 sha->state[7] += h; 623 624 /* Clean up */ 625 a = b = c = d = e = f = g = h = T1 = T2 = 0; 626 } 627 628 #endif /* SHA2_UNROLL_TRANSFORM */ 629 630 static int 631 sha256_block(register Sum_t* p, const void* s, size_t len) 632 { 633 Sha256_t* sha = (Sha256_t*)p; 634 sha2_byte* data = (sha2_byte*)s; 635 unsigned int freespace, usedspace; 636 637 if (!len) 638 return 0; 639 usedspace = (sha->bitcount >> 3) % SHA256_BLOCK_LENGTH; 640 if (usedspace > 0) { 641 /* Calculate how much free space is available in the buffer */ 642 freespace = SHA256_BLOCK_LENGTH - usedspace; 643 644 if (len >= freespace) { 645 /* Fill the buffer completely and process it */ 646 MEMCPY_BCOPY(&sha->buffer[usedspace], data, freespace); 647 sha->bitcount += freespace << 3; 648 len -= freespace; 649 data += freespace; 650 SHA256_Transform(sha, (sha2_word32*)sha->buffer); 651 } else { 652 /* The buffer is not yet full */ 653 MEMCPY_BCOPY(&sha->buffer[usedspace], data, len); 654 sha->bitcount += len << 3; 655 /* Clean up: */ 656 usedspace = freespace = 0; 657 return 0; 658 } 659 } 660 while (len >= SHA256_BLOCK_LENGTH) { 661 /* Process as many complete blocks as we can */ 662 SHA256_Transform(sha, (sha2_word32*)data); 663 sha->bitcount += SHA256_BLOCK_LENGTH << 3; 664 len -= SHA256_BLOCK_LENGTH; 665 data += SHA256_BLOCK_LENGTH; 666 } 667 if (len > 0) { 668 /* There's left-overs, so save 'em */ 669 MEMCPY_BCOPY(sha->buffer, data, len); 670 sha->bitcount += len << 3; 671 } 672 /* Clean up: */ 673 usedspace = freespace = 0; 674 675 return 0; 676 } 677 678 static int 679 sha256_init(Sum_t* p) 680 { 681 register Sha256_t* sha = (Sha256_t*)p; 682 683 MEMCPY_BCOPY(sha->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH); 684 MEMSET_BZERO(sha->buffer, SHA256_BLOCK_LENGTH); 685 sha->bitcount = 0; 686 687 return 0; 688 } 689 690 static Sum_t* 691 sha256_open(const Method_t* method, const char* name) 692 { 693 Sha256_t* sha; 694 695 if (sha = newof(0, Sha256_t, 1, 0)) 696 { 697 sha->method = (Method_t*)method; 698 sha->name = name; 699 sha256_init((Sum_t*)sha); 700 } 701 return (Sum_t*)sha; 702 } 703 704 static int 705 sha256_done(Sum_t* p) 706 { 707 Sha256_t* sha = (Sha256_t*)p; 708 unsigned int usedspace; 709 register int i; 710 711 /* Sanity check: */ 712 assert(sha != (SHA256_CTX*)0); 713 714 usedspace = (sha->bitcount >> 3) % SHA256_BLOCK_LENGTH; 715 #if BYTE_ORDER == LITTLE_ENDIAN 716 /* Convert FROM host byte order */ 717 REVERSE64(sha->bitcount,sha->bitcount); 718 #endif 719 if (usedspace > 0) { 720 /* Begin padding with a 1 bit: */ 721 sha->buffer[usedspace++] = 0x80; 722 723 if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { 724 /* Set-up for the last transform: */ 725 MEMSET_BZERO(&sha->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace); 726 } else { 727 if (usedspace < SHA256_BLOCK_LENGTH) { 728 MEMSET_BZERO(&sha->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace); 729 } 730 /* Do second-to-last transform: */ 731 SHA256_Transform(sha, (sha2_word32*)sha->buffer); 732 733 /* And set-up for the last transform: */ 734 MEMSET_BZERO(sha->buffer, SHA256_SHORT_BLOCK_LENGTH); 735 } 736 } else { 737 /* Set-up for the last transform: */ 738 MEMSET_BZERO(sha->buffer, SHA256_SHORT_BLOCK_LENGTH); 739 740 /* Begin padding with a 1 bit: */ 741 *sha->buffer = 0x80; 742 } 743 /* Store the length of input data (in bits): */ 744 MEMCPY_BCOPY(&sha->buffer[SHA256_SHORT_BLOCK_LENGTH], &sha->bitcount, 8); 745 746 /* Final transform: */ 747 SHA256_Transform(sha, (sha2_word32*)sha->buffer); 748 749 #if BYTE_ORDER == LITTLE_ENDIAN 750 { 751 /* Convert TO host byte order */ 752 int j; 753 sha2_word32* d = (sha2_word32*)sha->digest; 754 for (j = 0; j < 8; j++) { 755 REVERSE32(sha->state[j],sha->state[j]); 756 *d++ = sha->state[j]; 757 } 758 } 759 #else 760 MEMCPY_BCOPY(sha->digest, sha->state, SHA256_DIGEST_LENGTH); 761 #endif 762 763 /* accumulate the digests */ 764 for (i = 0; i < SHA256_DIGEST_LENGTH; i++) 765 sha->digest_sum[i] ^= sha->digest[i]; 766 767 /* Clean up state data: */ 768 MEMSET_BZERO(&sha->state, sizeof(*sha) - offsetof(Sha256_t, state)); 769 usedspace = 0; 770 771 return 0; 772 } 773 774 static int 775 sha256_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 776 { 777 register Sha256_t* sha = (Sha256_t*)p; 778 register sha2_byte* d; 779 register sha2_byte* e; 780 781 d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 782 e = d + SHA256_DIGEST_LENGTH; 783 while (d < e) 784 sfprintf(sp, "%02x", *d++); 785 return 0; 786 } 787 788 static int 789 sha256_data(Sum_t* p, Sumdata_t* data) 790 { 791 register Sha256_t* sha = (Sha256_t*)p; 792 793 data->size = SHA256_DIGEST_LENGTH; 794 data->num = 0; 795 data->buf = sha->digest; 796 return 0; 797 } 798 799 /*** SHA-512: *********************************************************/ 800 801 #define sha512_description "FIPS SHA-512 secure hash algorithm." 802 #define sha512_options "\ 803 [+(version)?sha-512 (FIPS) 2000-01-01]\ 804 [+(author)?Aaron D. Gifford]\ 805 " 806 #define sha512_match "sha512|sha-512|SHA512|SHA-512" 807 #define sha512_scale 0 808 809 #define sha512_padding md5_pad 810 811 #define SHA512_CTX Sha512_t 812 813 typedef struct Sha512_s 814 { 815 _SUM_PUBLIC_ 816 _SUM_PRIVATE_ 817 sha2_byte digest[SHA512_DIGEST_LENGTH]; 818 sha2_byte digest_sum[SHA512_DIGEST_LENGTH]; 819 sha2_word64 state[8]; 820 sha2_word64 bitcount[2]; 821 sha2_byte buffer[SHA512_BLOCK_LENGTH]; 822 } Sha512_t; 823 824 #ifdef SHA2_UNROLL_TRANSFORM 825 826 /* Unrolled SHA-512 round macros: */ 827 #if BYTE_ORDER == LITTLE_ENDIAN 828 829 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 830 REVERSE64(*data++, W512[j]); \ 831 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 832 K512[j] + W512[j]; \ 833 (d) += T1, \ 834 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ 835 j++ 836 837 838 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 839 840 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 841 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 842 K512[j] + (W512[j] = *data++); \ 843 (d) += T1; \ 844 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 845 j++ 846 847 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 848 849 #define ROUND512(a,b,c,d,e,f,g,h) \ 850 s0 = W512[(j+1)&0x0f]; \ 851 s0 = sigma0_512(s0); \ 852 s1 = W512[(j+14)&0x0f]; \ 853 s1 = sigma1_512(s1); \ 854 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ 855 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ 856 (d) += T1; \ 857 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 858 j++ 859 860 static void SHA512_Transform(SHA512_CTX* sha, const sha2_word64* data) { 861 sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 862 sha2_word64 T1, *W512 = (sha2_word64*)sha->buffer; 863 int j; 864 865 /* Initialize registers with the prev. intermediate value */ 866 a = sha->state[0]; 867 b = sha->state[1]; 868 c = sha->state[2]; 869 d = sha->state[3]; 870 e = sha->state[4]; 871 f = sha->state[5]; 872 g = sha->state[6]; 873 h = sha->state[7]; 874 875 j = 0; 876 do { 877 ROUND512_0_TO_15(a,b,c,d,e,f,g,h); 878 ROUND512_0_TO_15(h,a,b,c,d,e,f,g); 879 ROUND512_0_TO_15(g,h,a,b,c,d,e,f); 880 ROUND512_0_TO_15(f,g,h,a,b,c,d,e); 881 ROUND512_0_TO_15(e,f,g,h,a,b,c,d); 882 ROUND512_0_TO_15(d,e,f,g,h,a,b,c); 883 ROUND512_0_TO_15(c,d,e,f,g,h,a,b); 884 ROUND512_0_TO_15(b,c,d,e,f,g,h,a); 885 } while (j < 16); 886 887 /* Now for the remaining rounds up to 79: */ 888 do { 889 ROUND512(a,b,c,d,e,f,g,h); 890 ROUND512(h,a,b,c,d,e,f,g); 891 ROUND512(g,h,a,b,c,d,e,f); 892 ROUND512(f,g,h,a,b,c,d,e); 893 ROUND512(e,f,g,h,a,b,c,d); 894 ROUND512(d,e,f,g,h,a,b,c); 895 ROUND512(c,d,e,f,g,h,a,b); 896 ROUND512(b,c,d,e,f,g,h,a); 897 } while (j < 80); 898 899 /* Compute the current intermediate hash value */ 900 sha->state[0] += a; 901 sha->state[1] += b; 902 sha->state[2] += c; 903 sha->state[3] += d; 904 sha->state[4] += e; 905 sha->state[5] += f; 906 sha->state[6] += g; 907 sha->state[7] += h; 908 909 /* Clean up */ 910 a = b = c = d = e = f = g = h = T1 = 0; 911 } 912 913 #else /* SHA2_UNROLL_TRANSFORM */ 914 915 static void SHA512_Transform(SHA512_CTX* sha, const sha2_word64* data) { 916 sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 917 sha2_word64 T1, T2, *W512 = (sha2_word64*)sha->buffer; 918 int j; 919 920 /* Initialize registers with the prev. intermediate value */ 921 a = sha->state[0]; 922 b = sha->state[1]; 923 c = sha->state[2]; 924 d = sha->state[3]; 925 e = sha->state[4]; 926 f = sha->state[5]; 927 g = sha->state[6]; 928 h = sha->state[7]; 929 930 j = 0; 931 do { 932 #if BYTE_ORDER == LITTLE_ENDIAN 933 /* Convert TO host byte order */ 934 REVERSE64(*data++, W512[j]); 935 /* Apply the SHA-512 compression function to update a..h */ 936 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; 937 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 938 /* Apply the SHA-512 compression function to update a..h with copy */ 939 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); 940 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 941 T2 = Sigma0_512(a) + Maj(a, b, c); 942 h = g; 943 g = f; 944 f = e; 945 e = d + T1; 946 d = c; 947 c = b; 948 b = a; 949 a = T1 + T2; 950 951 j++; 952 } while (j < 16); 953 954 do { 955 /* Part of the message block expansion: */ 956 s0 = W512[(j+1)&0x0f]; 957 s0 = sigma0_512(s0); 958 s1 = W512[(j+14)&0x0f]; 959 s1 = sigma1_512(s1); 960 961 /* Apply the SHA-512 compression function to update a..h */ 962 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + 963 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); 964 T2 = Sigma0_512(a) + Maj(a, b, c); 965 h = g; 966 g = f; 967 f = e; 968 e = d + T1; 969 d = c; 970 c = b; 971 b = a; 972 a = T1 + T2; 973 974 j++; 975 } while (j < 80); 976 977 /* Compute the current intermediate hash value */ 978 sha->state[0] += a; 979 sha->state[1] += b; 980 sha->state[2] += c; 981 sha->state[3] += d; 982 sha->state[4] += e; 983 sha->state[5] += f; 984 sha->state[6] += g; 985 sha->state[7] += h; 986 987 /* Clean up */ 988 a = b = c = d = e = f = g = h = T1 = T2 = 0; 989 } 990 991 #endif /* SHA2_UNROLL_TRANSFORM */ 992 993 static int 994 sha512_block(register Sum_t* p, const void* s, size_t len) 995 { 996 Sha512_t* sha = (Sha512_t*)p; 997 sha2_byte* data = (sha2_byte*)s; 998 unsigned int freespace, usedspace; 999 1000 if (!len) 1001 return 0; 1002 usedspace = (sha->bitcount[1] >> 3) % SHA512_BLOCK_LENGTH; 1003 if (usedspace > 0) { 1004 /* Calculate how much free space is available in the buffer */ 1005 freespace = SHA512_BLOCK_LENGTH - usedspace; 1006 1007 if (len >= freespace) { 1008 /* Fill the buffer completely and process it */ 1009 MEMCPY_BCOPY(&sha->buffer[usedspace], data, freespace); 1010 ADDINC128(sha->bitcount, freespace << 3); 1011 len -= freespace; 1012 data += freespace; 1013 SHA512_Transform(sha, (sha2_word64*)sha->buffer); 1014 } else { 1015 /* The buffer is not yet full */ 1016 MEMCPY_BCOPY(&sha->buffer[usedspace], data, len); 1017 ADDINC128(sha->bitcount, len << 3); 1018 /* Clean up: */ 1019 usedspace = freespace = 0; 1020 return 0; 1021 } 1022 } 1023 while (len >= SHA512_BLOCK_LENGTH) { 1024 /* Process as many complete blocks as we can */ 1025 SHA512_Transform(sha, (sha2_word64*)data); 1026 ADDINC128(sha->bitcount, SHA512_BLOCK_LENGTH << 3); 1027 len -= SHA512_BLOCK_LENGTH; 1028 data += SHA512_BLOCK_LENGTH; 1029 } 1030 if (len > 0) { 1031 /* There's left-overs, so save 'em */ 1032 MEMCPY_BCOPY(sha->buffer, data, len); 1033 ADDINC128(sha->bitcount, len << 3); 1034 } 1035 /* Clean up: */ 1036 usedspace = freespace = 0; 1037 1038 return 0; 1039 } 1040 1041 static int 1042 sha512_init(Sum_t* p) 1043 { 1044 register Sha512_t* sha = (Sha512_t*)p; 1045 1046 MEMCPY_BCOPY(sha->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH); 1047 MEMSET_BZERO(sha->buffer, SHA512_BLOCK_LENGTH); 1048 sha->bitcount[0] = sha->bitcount[1] = 0; 1049 1050 return 0; 1051 } 1052 1053 static Sum_t* 1054 sha512_open(const Method_t* method, const char* name) 1055 { 1056 Sha512_t* sha; 1057 1058 if (sha = newof(0, Sha512_t, 1, 0)) 1059 { 1060 sha->method = (Method_t*)method; 1061 sha->name = name; 1062 sha512_init((Sum_t*)sha); 1063 } 1064 return (Sum_t*)sha; 1065 } 1066 1067 static int 1068 sha512_done(Sum_t* p) 1069 { 1070 Sha512_t* sha = (Sha512_t*)p; 1071 unsigned int usedspace; 1072 register int i; 1073 1074 usedspace = (sha->bitcount[1] >> 3) % SHA512_BLOCK_LENGTH; 1075 #if BYTE_ORDER == LITTLE_ENDIAN 1076 /* Convert FROM host byte order */ 1077 REVERSE64(sha->bitcount[0],sha->bitcount[0]); 1078 REVERSE64(sha->bitcount[1],sha->bitcount[1]); 1079 #endif 1080 if (usedspace > 0) { 1081 /* Begin padding with a 1 bit: */ 1082 sha->buffer[usedspace++] = 0x80; 1083 1084 if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { 1085 /* Set-up for the last transform: */ 1086 MEMSET_BZERO(&sha->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace); 1087 } else { 1088 if (usedspace < SHA512_BLOCK_LENGTH) { 1089 MEMSET_BZERO(&sha->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace); 1090 } 1091 /* Do second-to-last transform: */ 1092 SHA512_Transform(sha, (sha2_word64*)sha->buffer); 1093 1094 /* And set-up for the last transform: */ 1095 MEMSET_BZERO(sha->buffer, SHA512_BLOCK_LENGTH - 2); 1096 } 1097 } else { 1098 /* Prepare for final transform: */ 1099 MEMSET_BZERO(sha->buffer, SHA512_SHORT_BLOCK_LENGTH); 1100 1101 /* Begin padding with a 1 bit: */ 1102 *sha->buffer = 0x80; 1103 } 1104 /* Store the length of input data (in bits): */ 1105 MEMCPY_BCOPY(&sha->buffer[SHA512_SHORT_BLOCK_LENGTH], &sha->bitcount[0], 16); 1106 1107 /* Final transform: */ 1108 SHA512_Transform(sha, (sha2_word64*)sha->buffer); 1109 1110 #if BYTE_ORDER == LITTLE_ENDIAN 1111 { 1112 /* Convert TO host byte order */ 1113 sha2_word64* d = (sha2_word64*)sha->digest; 1114 int j; 1115 for (j = 0; j < 8; j++) { 1116 REVERSE64(sha->state[j],sha->state[j]); 1117 *d++ = sha->state[j]; 1118 } 1119 } 1120 #else 1121 MEMCPY_BCOPY(sha->digest, sha->state, SHA512_DIGEST_LENGTH); 1122 #endif 1123 1124 /* accumulate the digests */ 1125 for (i = 0; i < SHA512_DIGEST_LENGTH; i++) 1126 sha->digest_sum[i] ^= sha->digest[i]; 1127 1128 /* Clean up state data: */ 1129 MEMSET_BZERO(&sha->state, sizeof(*sha) - offsetof(Sha512_t, state)); 1130 usedspace = 0; 1131 1132 return 0; 1133 } 1134 1135 static int 1136 sha512_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 1137 { 1138 register Sha512_t* sha = (Sha512_t*)p; 1139 register sha2_byte* d; 1140 register sha2_byte* e; 1141 1142 d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 1143 e = d + SHA512_DIGEST_LENGTH; 1144 while (d < e) 1145 sfprintf(sp, "%02x", *d++); 1146 return 0; 1147 } 1148 1149 static int 1150 sha512_data(Sum_t* p, Sumdata_t* data) 1151 { 1152 register Sha512_t* sha = (Sha512_t*)p; 1153 1154 data->size = SHA512_DIGEST_LENGTH; 1155 data->num = 0; 1156 data->buf = sha->digest; 1157 return 0; 1158 } 1159 1160 /*** SHA-384: *********************************************************/ 1161 1162 #define sha384_description "FIPS SHA-384 secure hash algorithm." 1163 #define sha384_options "\ 1164 [+(version)?sha-384 (FIPS) 2000-01-01]\ 1165 [+(author)?Aaron D. Gifford]\ 1166 " 1167 #define sha384_match "sha384|sha-384|SHA384|SHA-384" 1168 #define sha384_scale 0 1169 #define sha384_block sha512_block 1170 #define sha384_done sha512_done 1171 1172 #define sha384_padding md5_pad 1173 1174 #define Sha384_t Sha512_t 1175 #define SHA384_CTX Sha384_t 1176 #define SHA384_DIGEST_LENGTH 48 1177 1178 static int 1179 sha384_init(Sum_t* p) 1180 { 1181 register Sha384_t* sha = (Sha384_t*)p; 1182 1183 MEMCPY_BCOPY(sha->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH); 1184 MEMSET_BZERO(sha->buffer, SHA384_BLOCK_LENGTH); 1185 sha->bitcount[0] = sha->bitcount[1] = 0; 1186 1187 return 0; 1188 } 1189 1190 static Sum_t* 1191 sha384_open(const Method_t* method, const char* name) 1192 { 1193 Sha384_t* sha; 1194 1195 if (sha = newof(0, Sha384_t, 1, 0)) 1196 { 1197 sha->method = (Method_t*)method; 1198 sha->name = name; 1199 sha384_init((Sum_t*)sha); 1200 } 1201 return (Sum_t*)sha; 1202 } 1203 1204 static int 1205 sha384_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 1206 { 1207 register Sha384_t* sha = (Sha384_t*)p; 1208 register sha2_byte* d; 1209 register sha2_byte* e; 1210 1211 d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 1212 e = d + SHA384_DIGEST_LENGTH; 1213 while (d < e) 1214 sfprintf(sp, "%02x", *d++); 1215 return 0; 1216 } 1217 1218 static int 1219 sha384_data(Sum_t* p, Sumdata_t* data) 1220 { 1221 register Sha384_t* sha = (Sha384_t*)p; 1222 1223 data->size = SHA384_DIGEST_LENGTH; 1224 data->num = 0; 1225 data->buf = sha->digest; 1226 return 0; 1227 } 1228 1229 #endif /* _typ_int64_t */ 1230