search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix xslt_process() to ensure that it inserts a NULL terminator after the
[PostgreSQL.git] / contrib / pgcrypto / sha2.c
blobc936ab88525432f5b5516cfd048081d13366f08e
1 /* $OpenBSD$ */
2
3 /*
4 * FILE: sha2.c
5 * AUTHOR: Aaron D. Gifford <me@aarongifford.com>
6 *
7 * Copyright (c) 2000-2001, Aaron D. Gifford
8 * All rights reserved.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the copyright holder nor the names of contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * SUCH DAMAGE.
33 *
34 * $From: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
35 *
36 * $PostgreSQL$
37 */
38
39 #include "postgres.h"
40
41 #include <sys/param.h>
42
43 #include "sha2.h"
44
45 /*
46 * UNROLLED TRANSFORM LOOP NOTE:
47 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
48 * loop version for the hash transform rounds (defined using macros
49 * later in this file). Either define on the command line, for example:
50 *
51 * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
52 *
53 * or define below:
54 *
55 * #define SHA2_UNROLL_TRANSFORM
56 *
57 */
58
59 /*** SHA-256/384/512 Various Length Definitions ***********************/
60 /* NOTE: Most of these are in sha2.h */
61 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
62 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
63 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
64
65
66 /*** ENDIAN REVERSAL MACROS *******************************************/
67 #ifndef WORDS_BIGENDIAN
68 #define REVERSE32(w,x) { \
69 uint32 tmp = (w); \
70 tmp = (tmp >> 16) | (tmp << 16); \
71 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
72 }
73 #define REVERSE64(w,x) { \
74 uint64 tmp = (w); \
75 tmp = (tmp >> 32) | (tmp << 32); \
76 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
77 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
78 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
79 ((tmp & 0x0000ffff0000ffffULL) << 16); \
80 }
81 #endif /* not bigendian */
82
83 /*
84 * Macro for incrementally adding the unsigned 64-bit integer n to the
85 * unsigned 128-bit integer (represented using a two-element array of
86 * 64-bit words):
87 */
88 #define ADDINC128(w,n) { \
89 (w)[0] += (uint64)(n); \
90 if ((w)[0] < (n)) { \
91 (w)[1]++; \
92 } \
93 }
94
95 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
96 /*
97 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
98 *
99 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
100 * S is a ROTATION) because the SHA-256/384/512 description document
101 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
102 * same "backwards" definition.
103 */
104 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
105 #define R(b,x) ((x) >> (b))
106 /* 32-bit Rotate-right (used in SHA-256): */
107 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
108 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
109 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
110
111 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
112 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
113 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
114
115 /* Four of six logical functions used in SHA-256: */
116 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
117 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
118 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
119 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
120
121 /* Four of six logical functions used in SHA-384 and SHA-512: */
122 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
123 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
124 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
125 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
126
127 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
128 /* NOTE: These should not be accessed directly from outside this
129 * library -- they are intended for private internal visibility/use
130 * only.
131 */
132 static void SHA512_Last(SHA512_CTX *);
133 static void SHA256_Transform(SHA256_CTX *, const uint8 *);
134 static void SHA512_Transform(SHA512_CTX *, const uint8 *);
135
136
137 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
138 /* Hash constant words K for SHA-256: */
139 static const uint32 K256[64] = {
140 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
141 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
142 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
143 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
144 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
145 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
146 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
147 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
148 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
149 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
150 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
151 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
152 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
153 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
154 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
155 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
156 };
157
158 /* Initial hash value H for SHA-224: */
159 static const uint32 sha224_initial_hash_value[8] = {
160 0xc1059ed8UL,
161 0x367cd507UL,
162 0x3070dd17UL,
163 0xf70e5939UL,
164 0xffc00b31UL,
165 0x68581511UL,
166 0x64f98fa7UL,
167 0xbefa4fa4UL
168 };
169
170 /* Initial hash value H for SHA-256: */
171 static const uint32 sha256_initial_hash_value[8] = {
172 0x6a09e667UL,
173 0xbb67ae85UL,
174 0x3c6ef372UL,
175 0xa54ff53aUL,
176 0x510e527fUL,
177 0x9b05688cUL,
178 0x1f83d9abUL,
179 0x5be0cd19UL
180 };
181
182 /* Hash constant words K for SHA-384 and SHA-512: */
183 static const uint64 K512[80] = {
184 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
185 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
186 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
187 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
188 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
189 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
190 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
191 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
192 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
193 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
194 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
195 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
196 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
197 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
198 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
199 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
200 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
201 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
202 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
203 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
204 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
205 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
206 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
207 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
208 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
209 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
210 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
211 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
212 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
213 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
214 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
215 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
216 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
217 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
218 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
219 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
220 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
221 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
222 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
223 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
224 };
225
226 /* Initial hash value H for SHA-384 */
227 static const uint64 sha384_initial_hash_value[8] = {
228 0xcbbb9d5dc1059ed8ULL,
229 0x629a292a367cd507ULL,
230 0x9159015a3070dd17ULL,
231 0x152fecd8f70e5939ULL,
232 0x67332667ffc00b31ULL,
233 0x8eb44a8768581511ULL,
234 0xdb0c2e0d64f98fa7ULL,
235 0x47b5481dbefa4fa4ULL
236 };
237
238 /* Initial hash value H for SHA-512 */
239 static const uint64 sha512_initial_hash_value[8] = {
240 0x6a09e667f3bcc908ULL,
241 0xbb67ae8584caa73bULL,
242 0x3c6ef372fe94f82bULL,
243 0xa54ff53a5f1d36f1ULL,
244 0x510e527fade682d1ULL,
245 0x9b05688c2b3e6c1fULL,
246 0x1f83d9abfb41bd6bULL,
247 0x5be0cd19137e2179ULL
248 };
249
250
251 /*** SHA-256: *********************************************************/
252 void
253 SHA256_Init(SHA256_CTX *context)
254 {
255 if (context == NULL)
256 return;
257 memcpy(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
258 memset(context->buffer, 0, SHA256_BLOCK_LENGTH);
259 context->bitcount = 0;
260 }
261
262 #ifdef SHA2_UNROLL_TRANSFORM
263
264 /* Unrolled SHA-256 round macros: */
265
266 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) do { \
267 W256[j] = (uint32)data[3] | ((uint32)data[2] << 8) | \
268 ((uint32)data[1] << 16) | ((uint32)data[0] << 24); \
269 data += 4; \
270 T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + W256[j]; \
271 (d) += T1; \
272 (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \
273 j++; \
274 } while(0)
275
276 #define ROUND256(a,b,c,d,e,f,g,h) do { \
277 s0 = W256[(j+1)&0x0f]; \
278 s0 = sigma0_256(s0); \
279 s1 = W256[(j+14)&0x0f]; \
280 s1 = sigma1_256(s1); \
281 T1 = (h) + Sigma1_256((e)) + Ch((e), (f), (g)) + K256[j] + \
282 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
283 (d) += T1; \
284 (h) = T1 + Sigma0_256((a)) + Maj((a), (b), (c)); \
285 j++; \
286 } while(0)
287
288 static void
289 SHA256_Transform(SHA256_CTX *context, const uint8 *data)
290 {
291 uint32 a,
292 b,
293 c,
294 d,
295 e,
296 f,
297 g,
298 h,
299 s0,
300 s1;
301 uint32 T1,
302 *W256;
303 int j;
304
305 W256 = (uint32 *) context->buffer;
306
307 /* Initialize registers with the prev. intermediate value */
308 a = context->state[0];
309 b = context->state[1];
310 c = context->state[2];
311 d = context->state[3];
312 e = context->state[4];
313 f = context->state[5];
314 g = context->state[6];
315 h = context->state[7];
316
317 j = 0;
318 do
319 {
320 /* Rounds 0 to 15 (unrolled): */
321 ROUND256_0_TO_15(a, b, c, d, e, f, g, h);
322 ROUND256_0_TO_15(h, a, b, c, d, e, f, g);
323 ROUND256_0_TO_15(g, h, a, b, c, d, e, f);
324 ROUND256_0_TO_15(f, g, h, a, b, c, d, e);
325 ROUND256_0_TO_15(e, f, g, h, a, b, c, d);
326 ROUND256_0_TO_15(d, e, f, g, h, a, b, c);
327 ROUND256_0_TO_15(c, d, e, f, g, h, a, b);
328 ROUND256_0_TO_15(b, c, d, e, f, g, h, a);
329 } while (j < 16);
330
331 /* Now for the remaining rounds to 64: */
332 do
333 {
334 ROUND256(a, b, c, d, e, f, g, h);
335 ROUND256(h, a, b, c, d, e, f, g);
336 ROUND256(g, h, a, b, c, d, e, f);
337 ROUND256(f, g, h, a, b, c, d, e);
338 ROUND256(e, f, g, h, a, b, c, d);
339 ROUND256(d, e, f, g, h, a, b, c);
340 ROUND256(c, d, e, f, g, h, a, b);
341 ROUND256(b, c, d, e, f, g, h, a);
342 } while (j < 64);
343
344 /* Compute the current intermediate hash value */
345 context->state[0] += a;
346 context->state[1] += b;
347 context->state[2] += c;
348 context->state[3] += d;
349 context->state[4] += e;
350 context->state[5] += f;
351 context->state[6] += g;
352 context->state[7] += h;
353
354 /* Clean up */
355 a = b = c = d = e = f = g = h = T1 = 0;
356 }
357 #else /* SHA2_UNROLL_TRANSFORM */
358
359 static void
360 SHA256_Transform(SHA256_CTX *context, const uint8 *data)
361 {
362 uint32 a,
363 b,
364 c,
365 d,
366 e,
367 f,
368 g,
369 h,
370 s0,
371 s1;
372 uint32 T1,
373 T2,
374 *W256;
375 int j;
376
377 W256 = (uint32 *) context->buffer;
378
379 /* Initialize registers with the prev. intermediate value */
380 a = context->state[0];
381 b = context->state[1];
382 c = context->state[2];
383 d = context->state[3];
384 e = context->state[4];
385 f = context->state[5];
386 g = context->state[6];
387 h = context->state[7];
388
389 j = 0;
390 do
391 {
392 W256[j] = (uint32) data[3] | ((uint32) data[2] << 8) |
393 ((uint32) data[1] << 16) | ((uint32) data[0] << 24);
394 data += 4;
395 /* Apply the SHA-256 compression function to update a..h */
396 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
397 T2 = Sigma0_256(a) + Maj(a, b, c);
398 h = g;
399 g = f;
400 f = e;
401 e = d + T1;
402 d = c;
403 c = b;
404 b = a;
405 a = T1 + T2;
406
407 j++;
408 } while (j < 16);
409
410 do
411 {
412 /* Part of the message block expansion: */
413 s0 = W256[(j + 1) & 0x0f];
414 s0 = sigma0_256(s0);
415 s1 = W256[(j + 14) & 0x0f];
416 s1 = sigma1_256(s1);
417
418 /* Apply the SHA-256 compression function to update a..h */
419 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
420 (W256[j & 0x0f] += s1 + W256[(j + 9) & 0x0f] + s0);
421 T2 = Sigma0_256(a) + Maj(a, b, c);
422 h = g;
423 g = f;
424 f = e;
425 e = d + T1;
426 d = c;
427 c = b;
428 b = a;
429 a = T1 + T2;
430
431 j++;
432 } while (j < 64);
433
434 /* Compute the current intermediate hash value */
435 context->state[0] += a;
436 context->state[1] += b;
437 context->state[2] += c;
438 context->state[3] += d;
439 context->state[4] += e;
440 context->state[5] += f;
441 context->state[6] += g;
442 context->state[7] += h;
443
444 /* Clean up */
445 a = b = c = d = e = f = g = h = T1 = T2 = 0;
446 }
447 #endif /* SHA2_UNROLL_TRANSFORM */
448
449 void
450 SHA256_Update(SHA256_CTX *context, const uint8 *data, size_t len)
451 {
452 size_t freespace,
453 usedspace;
454
455 /* Calling with no data is valid (we do nothing) */
456 if (len == 0)
457 return;
458
459 usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
460 if (usedspace > 0)
461 {
462 /* Calculate how much free space is available in the buffer */
463 freespace = SHA256_BLOCK_LENGTH - usedspace;
464
465 if (len >= freespace)
466 {
467 /* Fill the buffer completely and process it */
468 memcpy(&context->buffer[usedspace], data, freespace);
469 context->bitcount += freespace << 3;
470 len -= freespace;
471 data += freespace;
472 SHA256_Transform(context, context->buffer);
473 }
474 else
475 {
476 /* The buffer is not yet full */
477 memcpy(&context->buffer[usedspace], data, len);
478 context->bitcount += len << 3;
479 /* Clean up: */
480 usedspace = freespace = 0;
481 return;
482 }
483 }
484 while (len >= SHA256_BLOCK_LENGTH)
485 {
486 /* Process as many complete blocks as we can */
487 SHA256_Transform(context, data);
488 context->bitcount += SHA256_BLOCK_LENGTH << 3;
489 len -= SHA256_BLOCK_LENGTH;
490 data += SHA256_BLOCK_LENGTH;
491 }
492 if (len > 0)
493 {
494 /* There's left-overs, so save 'em */
495 memcpy(context->buffer, data, len);
496 context->bitcount += len << 3;
497 }
498 /* Clean up: */
499 usedspace = freespace = 0;
500 }
501
502 static void
503 SHA256_Last(SHA256_CTX *context)
504 {
505 unsigned int usedspace;
506
507 usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
508 #ifndef WORDS_BIGENDIAN
509 /* Convert FROM host byte order */
510 REVERSE64(context->bitcount, context->bitcount);
511 #endif
512 if (usedspace > 0)
513 {
514 /* Begin padding with a 1 bit: */
515 context->buffer[usedspace++] = 0x80;
516
517 if (usedspace <= SHA256_SHORT_BLOCK_LENGTH)
518 {
519 /* Set-up for the last transform: */
520 memset(&context->buffer[usedspace], 0, SHA256_SHORT_BLOCK_LENGTH - usedspace);
521 }
522 else
523 {
524 if (usedspace < SHA256_BLOCK_LENGTH)
525 {
526 memset(&context->buffer[usedspace], 0, SHA256_BLOCK_LENGTH - usedspace);
527 }
528 /* Do second-to-last transform: */
529 SHA256_Transform(context, context->buffer);
530
531 /* And set-up for the last transform: */
532 memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
533 }
534 }
535 else
536 {
537 /* Set-up for the last transform: */
538 memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH);
539
540 /* Begin padding with a 1 bit: */
541 *context->buffer = 0x80;
542 }
543 /* Set the bit count: */
544 *(uint64 *) &context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
545
546 /* Final transform: */
547 SHA256_Transform(context, context->buffer);
548 }
549
550 void
551 SHA256_Final(uint8 digest[], SHA256_CTX *context)
552 {
553 /* If no digest buffer is passed, we don't bother doing this: */
554 if (digest != NULL)
555 {
556 SHA256_Last(context);
557
558 #ifndef WORDS_BIGENDIAN
559 {
560 /* Convert TO host byte order */
561 int j;
562
563 for (j = 0; j < 8; j++)
564 {
565 REVERSE32(context->state[j], context->state[j]);
566 }
567 }
568 #endif
569 memcpy(digest, context->state, SHA256_DIGEST_LENGTH);
570 }
571
572 /* Clean up state data: */
573 memset(context, 0, sizeof(*context));
574 }
575
576
577 /*** SHA-512: *********************************************************/
578 void
579 SHA512_Init(SHA512_CTX *context)
580 {
581 if (context == NULL)
582 return;
583 memcpy(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
584 memset(context->buffer, 0, SHA512_BLOCK_LENGTH);
585 context->bitcount[0] = context->bitcount[1] = 0;
586 }
587
588 #ifdef SHA2_UNROLL_TRANSFORM
589
590 /* Unrolled SHA-512 round macros: */
591
592 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) do { \
593 W512[j] = (uint64)data[7] | ((uint64)data[6] << 8) | \
594 ((uint64)data[5] << 16) | ((uint64)data[4] << 24) | \
595 ((uint64)data[3] << 32) | ((uint64)data[2] << 40) | \
596 ((uint64)data[1] << 48) | ((uint64)data[0] << 56); \
597 data += 8; \
598 T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + W512[j]; \
599 (d) += T1; \
600 (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \
601 j++; \
602 } while(0)
603
604
605 #define ROUND512(a,b,c,d,e,f,g,h) do { \
606 s0 = W512[(j+1)&0x0f]; \
607 s0 = sigma0_512(s0); \
608 s1 = W512[(j+14)&0x0f]; \
609 s1 = sigma1_512(s1); \
610 T1 = (h) + Sigma1_512((e)) + Ch((e), (f), (g)) + K512[j] + \
611 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
612 (d) += T1; \
613 (h) = T1 + Sigma0_512((a)) + Maj((a), (b), (c)); \
614 j++; \
615 } while(0)
616
617 static void
618 SHA512_Transform(SHA512_CTX *context, const uint8 *data)
619 {
620 uint64 a,
621 b,
622 c,
623 d,
624 e,
625 f,
626 g,
627 h,
628 s0,
629 s1;
630 uint64 T1,
631 *W512 = (uint64 *) context->buffer;
632 int j;
633
634 /* Initialize registers with the prev. intermediate value */
635 a = context->state[0];
636 b = context->state[1];
637 c = context->state[2];
638 d = context->state[3];
639 e = context->state[4];
640 f = context->state[5];
641 g = context->state[6];
642 h = context->state[7];
643
644 j = 0;
645 do
646 {
647 ROUND512_0_TO_15(a, b, c, d, e, f, g, h);
648 ROUND512_0_TO_15(h, a, b, c, d, e, f, g);
649 ROUND512_0_TO_15(g, h, a, b, c, d, e, f);
650 ROUND512_0_TO_15(f, g, h, a, b, c, d, e);
651 ROUND512_0_TO_15(e, f, g, h, a, b, c, d);
652 ROUND512_0_TO_15(d, e, f, g, h, a, b, c);
653 ROUND512_0_TO_15(c, d, e, f, g, h, a, b);
654 ROUND512_0_TO_15(b, c, d, e, f, g, h, a);
655 } while (j < 16);
656
657 /* Now for the remaining rounds up to 79: */
658 do
659 {
660 ROUND512(a, b, c, d, e, f, g, h);
661 ROUND512(h, a, b, c, d, e, f, g);
662 ROUND512(g, h, a, b, c, d, e, f);
663 ROUND512(f, g, h, a, b, c, d, e);
664 ROUND512(e, f, g, h, a, b, c, d);
665 ROUND512(d, e, f, g, h, a, b, c);
666 ROUND512(c, d, e, f, g, h, a, b);
667 ROUND512(b, c, d, e, f, g, h, a);
668 } while (j < 80);
669
670 /* Compute the current intermediate hash value */
671 context->state[0] += a;
672 context->state[1] += b;
673 context->state[2] += c;
674 context->state[3] += d;
675 context->state[4] += e;
676 context->state[5] += f;
677 context->state[6] += g;
678 context->state[7] += h;
679
680 /* Clean up */
681 a = b = c = d = e = f = g = h = T1 = 0;
682 }
683 #else /* SHA2_UNROLL_TRANSFORM */
684
685 static void
686 SHA512_Transform(SHA512_CTX *context, const uint8 *data)
687 {
688 uint64 a,
689 b,
690 c,
691 d,
692 e,
693 f,
694 g,
695 h,
696 s0,
697 s1;
698 uint64 T1,
699 T2,
700 *W512 = (uint64 *) context->buffer;
701 int j;
702
703 /* Initialize registers with the prev. intermediate value */
704 a = context->state[0];
705 b = context->state[1];
706 c = context->state[2];
707 d = context->state[3];
708 e = context->state[4];
709 f = context->state[5];
710 g = context->state[6];
711 h = context->state[7];
712
713 j = 0;
714 do
715 {
716 W512[j] = (uint64) data[7] | ((uint64) data[6] << 8) |
717 ((uint64) data[5] << 16) | ((uint64) data[4] << 24) |
718 ((uint64) data[3] << 32) | ((uint64) data[2] << 40) |
719 ((uint64) data[1] << 48) | ((uint64) data[0] << 56);
720 data += 8;
721 /* Apply the SHA-512 compression function to update a..h */
722 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
723 T2 = Sigma0_512(a) + Maj(a, b, c);
724 h = g;
725 g = f;
726 f = e;
727 e = d + T1;
728 d = c;
729 c = b;
730 b = a;
731 a = T1 + T2;
732
733 j++;
734 } while (j < 16);
735
736 do
737 {
738 /* Part of the message block expansion: */
739 s0 = W512[(j + 1) & 0x0f];
740 s0 = sigma0_512(s0);
741 s1 = W512[(j + 14) & 0x0f];
742 s1 = sigma1_512(s1);
743
744 /* Apply the SHA-512 compression function to update a..h */
745 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
746 (W512[j & 0x0f] += s1 + W512[(j + 9) & 0x0f] + s0);
747 T2 = Sigma0_512(a) + Maj(a, b, c);
748 h = g;
749 g = f;
750 f = e;
751 e = d + T1;
752 d = c;
753 c = b;
754 b = a;
755 a = T1 + T2;
756
757 j++;
758 } while (j < 80);
759
760 /* Compute the current intermediate hash value */
761 context->state[0] += a;
762 context->state[1] += b;
763 context->state[2] += c;
764 context->state[3] += d;
765 context->state[4] += e;
766 context->state[5] += f;
767 context->state[6] += g;
768 context->state[7] += h;
769
770 /* Clean up */
771 a = b = c = d = e = f = g = h = T1 = T2 = 0;
772 }
773 #endif /* SHA2_UNROLL_TRANSFORM */
774
775 void
776 SHA512_Update(SHA512_CTX *context, const uint8 *data, size_t len)
777 {
778 size_t freespace,
779 usedspace;
780
781 /* Calling with no data is valid (we do nothing) */
782 if (len == 0)
783 return;
784
785 usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
786 if (usedspace > 0)
787 {
788 /* Calculate how much free space is available in the buffer */
789 freespace = SHA512_BLOCK_LENGTH - usedspace;
790
791 if (len >= freespace)
792 {
793 /* Fill the buffer completely and process it */
794 memcpy(&context->buffer[usedspace], data, freespace);
795 ADDINC128(context->bitcount, freespace << 3);
796 len -= freespace;
797 data += freespace;
798 SHA512_Transform(context, context->buffer);
799 }
800 else
801 {
802 /* The buffer is not yet full */
803 memcpy(&context->buffer[usedspace], data, len);
804 ADDINC128(context->bitcount, len << 3);
805 /* Clean up: */
806 usedspace = freespace = 0;
807 return;
808 }
809 }
810 while (len >= SHA512_BLOCK_LENGTH)
811 {
812 /* Process as many complete blocks as we can */
813 SHA512_Transform(context, data);
814 ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
815 len -= SHA512_BLOCK_LENGTH;
816 data += SHA512_BLOCK_LENGTH;
817 }
818 if (len > 0)
819 {
820 /* There's left-overs, so save 'em */
821 memcpy(context->buffer, data, len);
822 ADDINC128(context->bitcount, len << 3);
823 }
824 /* Clean up: */
825 usedspace = freespace = 0;
826 }
827
828 static void
829 SHA512_Last(SHA512_CTX *context)
830 {
831 unsigned int usedspace;
832
833 usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
834 #ifndef WORDS_BIGENDIAN
835 /* Convert FROM host byte order */
836 REVERSE64(context->bitcount[0], context->bitcount[0]);
837 REVERSE64(context->bitcount[1], context->bitcount[1]);
838 #endif
839 if (usedspace > 0)
840 {
841 /* Begin padding with a 1 bit: */
842 context->buffer[usedspace++] = 0x80;
843
844 if (usedspace <= SHA512_SHORT_BLOCK_LENGTH)
845 {
846 /* Set-up for the last transform: */
847 memset(&context->buffer[usedspace], 0, SHA512_SHORT_BLOCK_LENGTH - usedspace);
848 }
849 else
850 {
851 if (usedspace < SHA512_BLOCK_LENGTH)
852 {
853 memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace);
854 }
855 /* Do second-to-last transform: */
856 SHA512_Transform(context, context->buffer);
857
858 /* And set-up for the last transform: */
859 memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2);
860 }
861 }
862 else
863 {
864 /* Prepare for final transform: */
865 memset(context->buffer, 0, SHA512_SHORT_BLOCK_LENGTH);
866
867 /* Begin padding with a 1 bit: */
868 *context->buffer = 0x80;
869 }
870 /* Store the length of input data (in bits): */
871 *(uint64 *) &context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
872 *(uint64 *) &context->buffer[SHA512_SHORT_BLOCK_LENGTH + 8] = context->bitcount[0];
873
874 /* Final transform: */
875 SHA512_Transform(context, context->buffer);
876 }
877
878 void
879 SHA512_Final(uint8 digest[], SHA512_CTX *context)
880 {
881 /* If no digest buffer is passed, we don't bother doing this: */
882 if (digest != NULL)
883 {
884 SHA512_Last(context);
885
886 /* Save the hash data for output: */
887 #ifndef WORDS_BIGENDIAN
888 {
889 /* Convert TO host byte order */
890 int j;
891
892 for (j = 0; j < 8; j++)
893 {
894 REVERSE64(context->state[j], context->state[j]);
895 }
896 }
897 #endif
898 memcpy(digest, context->state, SHA512_DIGEST_LENGTH);
899 }
900
901 /* Zero out state data */
902 memset(context, 0, sizeof(*context));
903 }
904
905
906 /*** SHA-384: *********************************************************/
907 void
908 SHA384_Init(SHA384_CTX *context)
909 {
910 if (context == NULL)
911 return;
912 memcpy(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
913 memset(context->buffer, 0, SHA384_BLOCK_LENGTH);
914 context->bitcount[0] = context->bitcount[1] = 0;
915 }
916
917 void
918 SHA384_Update(SHA384_CTX *context, const uint8 *data, size_t len)
919 {
920 SHA512_Update((SHA512_CTX *) context, data, len);
921 }
922
923 void
924 SHA384_Final(uint8 digest[], SHA384_CTX *context)
925 {
926 /* If no digest buffer is passed, we don't bother doing this: */
927 if (digest != NULL)
928 {
929 SHA512_Last((SHA512_CTX *) context);
930
931 /* Save the hash data for output: */
932 #ifndef WORDS_BIGENDIAN
933 {
934 /* Convert TO host byte order */
935 int j;
936
937 for (j = 0; j < 6; j++)
938 {
939 REVERSE64(context->state[j], context->state[j]);
940 }
941 }
942 #endif
943 memcpy(digest, context->state, SHA384_DIGEST_LENGTH);
944 }
945
946 /* Zero out state data */
947 memset(context, 0, sizeof(*context));
948 }
949
950 /*** SHA-224: *********************************************************/
951 void
952 SHA224_Init(SHA224_CTX *context)
953 {
954 if (context == NULL)
955 return;
956 memcpy(context->state, sha224_initial_hash_value, SHA256_DIGEST_LENGTH);
957 memset(context->buffer, 0, SHA256_BLOCK_LENGTH);
958 context->bitcount = 0;
959 }
960
961 void
962 SHA224_Update(SHA224_CTX *context, const uint8 *data, size_t len)
963 {
964 SHA256_Update((SHA256_CTX *) context, data, len);
965 }
966
967 void
968 SHA224_Final(uint8 digest[], SHA224_CTX *context)
969 {
970 /* If no digest buffer is passed, we don't bother doing this: */
971 if (digest != NULL)
972 {
973 SHA256_Last(context);
974
975 #ifndef WORDS_BIGENDIAN
976 {
977 /* Convert TO host byte order */
978 int j;
979
980 for (j = 0; j < 8; j++)
981 {
982 REVERSE32(context->state[j], context->state[j]);
983 }
984 }
985 #endif
986 memcpy(digest, context->state, SHA224_DIGEST_LENGTH);
987 }
988
989 /* Clean up state data: */
990 memset(context, 0, sizeof(*context));
991 }
PostgreSQL from CVS