search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / external / bsd / bind / dist / lib / isc / sha2.c
blob3111d1e27205af7066971a7a0cb4872983f51c08
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /* Id: sha2.c,v 1.18 2009/10/22 02:21:31 each Exp */
20
21 /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
22 /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
23
24 /*
25 * sha2.c
26 *
27 * Version 1.0.0beta1
28 *
29 * Written by Aaron D. Gifford <me@aarongifford.com>
30 *
31 * Copyright 2000 Aaron D. Gifford. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the copyright holder nor the names of contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 *
57 */
58
59
60 #include <config.h>
61
62 #include <isc/assertions.h>
63 #include <isc/platform.h>
64 #include <isc/sha2.h>
65 #include <isc/string.h>
66 #include <isc/util.h>
67
68 #ifdef ISC_PLATFORM_OPENSSLHASH
69
70 void
71 isc_sha224_init(isc_sha224_t *context) {
72 if (context == (isc_sha224_t *)0) {
73 return;
74 }
75 EVP_DigestInit(context, EVP_sha224());
76 }
77
78 void
79 isc_sha224_invalidate(isc_sha224_t *context) {
80 EVP_MD_CTX_cleanup(context);
81 }
82
83 void
84 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
85 if (len == 0U) {
86 /* Calling with no data is valid - we do nothing */
87 return;
88 }
89
90 /* Sanity check: */
91 REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0);
92
93 EVP_DigestUpdate(context, (const void *) data, len);
94 }
95
96 void
97 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
98 /* Sanity check: */
99 REQUIRE(context != (isc_sha224_t *)0);
100
101 /* If no digest buffer is passed, we don't bother doing this: */
102 if (digest != (isc_uint8_t*)0) {
103 EVP_DigestFinal(context, digest, NULL);
104 } else {
105 EVP_MD_CTX_cleanup(context);
106 }
107 }
108
109 void
110 isc_sha256_init(isc_sha256_t *context) {
111 if (context == (isc_sha256_t *)0) {
112 return;
113 }
114 EVP_DigestInit(context, EVP_sha256());
115 }
116
117 void
118 isc_sha256_invalidate(isc_sha256_t *context) {
119 EVP_MD_CTX_cleanup(context);
120 }
121
122 void
123 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
124 if (len == 0U) {
125 /* Calling with no data is valid - we do nothing */
126 return;
127 }
128
129 /* Sanity check: */
130 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
131
132 EVP_DigestUpdate(context, (const void *) data, len);
133 }
134
135 void
136 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
137 /* Sanity check: */
138 REQUIRE(context != (isc_sha256_t *)0);
139
140 /* If no digest buffer is passed, we don't bother doing this: */
141 if (digest != (isc_uint8_t*)0) {
142 EVP_DigestFinal(context, digest, NULL);
143 } else {
144 EVP_MD_CTX_cleanup(context);
145 }
146 }
147
148 void
149 isc_sha512_init(isc_sha512_t *context) {
150 if (context == (isc_sha512_t *)0) {
151 return;
152 }
153 EVP_DigestInit(context, EVP_sha512());
154 }
155
156 void
157 isc_sha512_invalidate(isc_sha512_t *context) {
158 EVP_MD_CTX_cleanup(context);
159 }
160
161 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
162 if (len == 0U) {
163 /* Calling with no data is valid - we do nothing */
164 return;
165 }
166
167 /* Sanity check: */
168 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
169
170 EVP_DigestUpdate(context, (const void *) data, len);
171 }
172
173 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
174 /* Sanity check: */
175 REQUIRE(context != (isc_sha512_t *)0);
176
177 /* If no digest buffer is passed, we don't bother doing this: */
178 if (digest != (isc_uint8_t*)0) {
179 EVP_DigestFinal(context, digest, NULL);
180 } else {
181 EVP_MD_CTX_cleanup(context);
182 }
183 }
184
185 void
186 isc_sha384_init(isc_sha384_t *context) {
187 if (context == (isc_sha384_t *)0) {
188 return;
189 }
190 EVP_DigestInit(context, EVP_sha384());
191 }
192
193 void
194 isc_sha384_invalidate(isc_sha384_t *context) {
195 EVP_MD_CTX_cleanup(context);
196 }
197
198 void
199 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
200 if (len == 0U) {
201 /* Calling with no data is valid - we do nothing */
202 return;
203 }
204
205 /* Sanity check: */
206 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
207
208 EVP_DigestUpdate(context, (const void *) data, len);
209 }
210
211 void
212 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
213 /* Sanity check: */
214 REQUIRE(context != (isc_sha384_t *)0);
215
216 /* If no digest buffer is passed, we don't bother doing this: */
217 if (digest != (isc_uint8_t*)0) {
218 EVP_DigestFinal(context, digest, NULL);
219 } else {
220 EVP_MD_CTX_cleanup(context);
221 }
222 }
223
224 #else
225
226 /*
227 * UNROLLED TRANSFORM LOOP NOTE:
228 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
229 * loop version for the hash transform rounds (defined using macros
230 * later in this file). Either define on the command line, for example:
231 *
232 * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
233 *
234 * or define below:
235 *
236 * \#define ISC_SHA2_UNROLL_TRANSFORM
237 *
238 */
239
240 /*** SHA-256/384/512 Machine Architecture Definitions *****************/
241 /*
242 * BYTE_ORDER NOTE:
243 *
244 * Please make sure that your system defines BYTE_ORDER. If your
245 * architecture is little-endian, make sure it also defines
246 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
247 * equivalent.
248 *
249 * If your system does not define the above, then you can do so by
250 * hand like this:
251 *
252 * \#define LITTLE_ENDIAN 1234
253 * \#define BIG_ENDIAN 4321
254 *
255 * And for little-endian machines, add:
256 *
257 * \#define BYTE_ORDER LITTLE_ENDIAN
258 *
259 * Or for big-endian machines:
260 *
261 * \#define BYTE_ORDER BIG_ENDIAN
262 *
263 * The FreeBSD machine this was written on defines BYTE_ORDER
264 * appropriately by including <sys/types.h> (which in turn includes
265 * <machine/endian.h> where the appropriate definitions are actually
266 * made).
267 */
268 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
269 #ifndef BYTE_ORDER
270 #ifndef BIG_ENDIAN
271 #define BIG_ENDIAN 4321
272 #endif
273 #ifndef LITTLE_ENDIAN
274 #define LITTLE_ENDIAN 1234
275 #endif
276 #ifdef WORDS_BIGENDIAN
277 #define BYTE_ORDER BIG_ENDIAN
278 #else
279 #define BYTE_ORDER LITTLE_ENDIAN
280 #endif
281 #else
282 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
283 #endif
284 #endif
285
286 /*** SHA-256/384/512 Various Length Definitions ***********************/
287 /* NOTE: Most of these are in sha2.h */
288 #define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8)
289 #define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16)
290 #define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16)
291
292
293 /*** ENDIAN REVERSAL MACROS *******************************************/
294 #if BYTE_ORDER == LITTLE_ENDIAN
295 #define REVERSE32(w,x) { \
296 isc_uint32_t tmp = (w); \
297 tmp = (tmp >> 16) | (tmp << 16); \
298 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
299 }
300 #ifdef WIN32
301 #define REVERSE64(w,x) { \
302 isc_uint64_t tmp = (w); \
303 tmp = (tmp >> 32) | (tmp << 32); \
304 tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \
305 ((tmp & 0x00ff00ff00ff00ffUL) << 8); \
306 (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \
307 ((tmp & 0x0000ffff0000ffffUL) << 16); \
308 }
309 #else
310 #define REVERSE64(w,x) { \
311 isc_uint64_t tmp = (w); \
312 tmp = (tmp >> 32) | (tmp << 32); \
313 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
314 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
315 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
316 ((tmp & 0x0000ffff0000ffffULL) << 16); \
317 }
318 #endif
319 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
320
321 /*
322 * Macro for incrementally adding the unsigned 64-bit integer n to the
323 * unsigned 128-bit integer (represented using a two-element array of
324 * 64-bit words):
325 */
326 #define ADDINC128(w,n) { \
327 (w)[0] += (isc_uint64_t)(n); \
328 if ((w)[0] < (n)) { \
329 (w)[1]++; \
330 } \
331 }
332
333 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
334 /*
335 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
336 *
337 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
338 * S is a ROTATION) because the SHA-256/384/512 description document
339 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
340 * same "backwards" definition.
341 */
342 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
343 #define R(b,x) ((x) >> (b))
344 /* 32-bit Rotate-right (used in SHA-256): */
345 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
346 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
347 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
348
349 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
350 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
351 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
352
353 /* Four of six logical functions used in SHA-256: */
354 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
355 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
356 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
357 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
358
359 /* Four of six logical functions used in SHA-384 and SHA-512: */
360 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
361 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
362 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
363 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
364
365 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
366 /* NOTE: These should not be accessed directly from outside this
367 * library -- they are intended for private internal visibility/use
368 * only.
369 */
370 void isc_sha512_last(isc_sha512_t *);
371 void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*);
372 void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*);
373
374
375 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
376 /* Hash constant words K for SHA-224 and SHA-256: */
377 static const isc_uint32_t K256[64] = {
378 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
379 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
380 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
381 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
382 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
383 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
384 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
385 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
386 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
387 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
388 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
389 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
390 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
391 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
392 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
393 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
394 };
395
396 /* Initial hash value H for SHA-224: */
397 static const isc_uint32_t sha224_initial_hash_value[8] = {
398 0xc1059ed8UL,
399 0x367cd507UL,
400 0x3070dd17UL,
401 0xf70e5939UL,
402 0xffc00b31UL,
403 0x68581511UL,
404 0x64f98fa7UL,
405 0xbefa4fa4UL
406 };
407
408 /* Initial hash value H for SHA-256: */
409 static const isc_uint32_t sha256_initial_hash_value[8] = {
410 0x6a09e667UL,
411 0xbb67ae85UL,
412 0x3c6ef372UL,
413 0xa54ff53aUL,
414 0x510e527fUL,
415 0x9b05688cUL,
416 0x1f83d9abUL,
417 0x5be0cd19UL
418 };
419
420 #ifdef WIN32
421 /* Hash constant words K for SHA-384 and SHA-512: */
422 static const isc_uint64_t K512[80] = {
423 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
424 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
425 0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
426 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL,
427 0xd807aa98a3030242UL, 0x12835b0145706fbeUL,
428 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL,
429 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL,
430 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL,
431 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL,
432 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL,
433 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL,
434 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL,
435 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL,
436 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL,
437 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL,
438 0x06ca6351e003826fUL, 0x142929670a0e6e70UL,
439 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL,
440 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL,
441 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL,
442 0x81c2c92e47edaee6UL, 0x92722c851482353bUL,
443 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL,
444 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL,
445 0xd192e819d6ef5218UL, 0xd69906245565a910UL,
446 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL,
447 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL,
448 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL,
449 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL,
450 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL,
451 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL,
452 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL,
453 0x90befffa23631e28UL, 0xa4506cebde82bde9UL,
454 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL,
455 0xca273eceea26619cUL, 0xd186b8c721c0c207UL,
456 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL,
457 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL,
458 0x113f9804bef90daeUL, 0x1b710b35131c471bUL,
459 0x28db77f523047d84UL, 0x32caab7b40c72493UL,
460 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL,
461 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL,
462 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL
463 };
464
465 /* Initial hash value H for SHA-384: */
466 static const isc_uint64_t sha384_initial_hash_value[8] = {
467 0xcbbb9d5dc1059ed8UL,
468 0x629a292a367cd507UL,
469 0x9159015a3070dd17UL,
470 0x152fecd8f70e5939UL,
471 0x67332667ffc00b31UL,
472 0x8eb44a8768581511UL,
473 0xdb0c2e0d64f98fa7UL,
474 0x47b5481dbefa4fa4UL
475 };
476
477 /* Initial hash value H for SHA-512: */
478 static const isc_uint64_t sha512_initial_hash_value[8] = {
479 0x6a09e667f3bcc908U,
480 0xbb67ae8584caa73bUL,
481 0x3c6ef372fe94f82bUL,
482 0xa54ff53a5f1d36f1UL,
483 0x510e527fade682d1UL,
484 0x9b05688c2b3e6c1fUL,
485 0x1f83d9abfb41bd6bUL,
486 0x5be0cd19137e2179UL
487 };
488 #else
489 /* Hash constant words K for SHA-384 and SHA-512: */
490 static const isc_uint64_t K512[80] = {
491 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
492 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
493 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
494 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
495 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
496 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
497 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
498 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
499 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
500 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
501 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
502 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
503 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
504 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
505 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
506 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
507 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
508 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
509 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
510 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
511 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
512 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
513 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
514 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
515 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
516 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
517 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
518 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
519 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
520 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
521 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
522 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
523 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
524 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
525 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
526 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
527 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
528 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
529 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
530 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
531 };
532
533 /* Initial hash value H for SHA-384: */
534 static const isc_uint64_t sha384_initial_hash_value[8] = {
535 0xcbbb9d5dc1059ed8ULL,
536 0x629a292a367cd507ULL,
537 0x9159015a3070dd17ULL,
538 0x152fecd8f70e5939ULL,
539 0x67332667ffc00b31ULL,
540 0x8eb44a8768581511ULL,
541 0xdb0c2e0d64f98fa7ULL,
542 0x47b5481dbefa4fa4ULL
543 };
544
545 /* Initial hash value H for SHA-512: */
546 static const isc_uint64_t sha512_initial_hash_value[8] = {
547 0x6a09e667f3bcc908ULL,
548 0xbb67ae8584caa73bULL,
549 0x3c6ef372fe94f82bULL,
550 0xa54ff53a5f1d36f1ULL,
551 0x510e527fade682d1ULL,
552 0x9b05688c2b3e6c1fULL,
553 0x1f83d9abfb41bd6bULL,
554 0x5be0cd19137e2179ULL
555 };
556 #endif
557
558
559 /*** SHA-224: *********************************************************/
560 void
561 isc_sha224_init(isc_sha224_t *context) {
562 if (context == (isc_sha256_t *)0) {
563 return;
564 }
565 memcpy(context->state, sha224_initial_hash_value,
566 ISC_SHA256_DIGESTLENGTH);
567 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
568 context->bitcount = 0;
569 }
570
571 void
572 isc_sha224_invalidate(isc_sha224_t *context) {
573 memset(context, 0, sizeof(isc_sha224_t));
574 }
575
576 void
577 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
578 isc_sha256_update((isc_sha256_t *)context, data, len);
579 }
580
581 void
582 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
583 isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH];
584 isc_sha256_final(sha256_digest, (isc_sha256_t *)context);
585 memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);
586 memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH);
587 }
588
589 /*** SHA-256: *********************************************************/
590 void
591 isc_sha256_init(isc_sha256_t *context) {
592 if (context == (isc_sha256_t *)0) {
593 return;
594 }
595 memcpy(context->state, sha256_initial_hash_value,
596 ISC_SHA256_DIGESTLENGTH);
597 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
598 context->bitcount = 0;
599 }
600
601 void
602 isc_sha256_invalidate(isc_sha256_t *context) {
603 memset(context, 0, sizeof(isc_sha256_t));
604 }
605
606 #ifdef ISC_SHA2_UNROLL_TRANSFORM
607
608 /* Unrolled SHA-256 round macros: */
609
610 #if BYTE_ORDER == LITTLE_ENDIAN
611
612 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
613 REVERSE32(*data++, W256[j]); \
614 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
615 K256[j] + W256[j]; \
616 (d) += T1; \
617 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
618 j++
619
620
621 #else /* BYTE_ORDER == LITTLE_ENDIAN */
622
623 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
624 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
625 K256[j] + (W256[j] = *data++); \
626 (d) += T1; \
627 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
628 j++
629
630 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
631
632 #define ROUND256(a,b,c,d,e,f,g,h) \
633 s0 = W256[(j+1)&0x0f]; \
634 s0 = sigma0_256(s0); \
635 s1 = W256[(j+14)&0x0f]; \
636 s1 = sigma1_256(s1); \
637 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
638 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
639 (d) += T1; \
640 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
641 j++
642
643 void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
644 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
645 isc_uint32_t T1, *W256;
646 int j;
647
648 W256 = (isc_uint32_t*)context->buffer;
649
650 /* Initialize registers with the prev. intermediate value */
651 a = context->state[0];
652 b = context->state[1];
653 c = context->state[2];
654 d = context->state[3];
655 e = context->state[4];
656 f = context->state[5];
657 g = context->state[6];
658 h = context->state[7];
659
660 j = 0;
661 do {
662 /* Rounds 0 to 15 (unrolled): */
663 ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
664 ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
665 ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
666 ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
667 ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
668 ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
669 ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
670 ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
671 } while (j < 16);
672
673 /* Now for the remaining rounds to 64: */
674 do {
675 ROUND256(a,b,c,d,e,f,g,h);
676 ROUND256(h,a,b,c,d,e,f,g);
677 ROUND256(g,h,a,b,c,d,e,f);
678 ROUND256(f,g,h,a,b,c,d,e);
679 ROUND256(e,f,g,h,a,b,c,d);
680 ROUND256(d,e,f,g,h,a,b,c);
681 ROUND256(c,d,e,f,g,h,a,b);
682 ROUND256(b,c,d,e,f,g,h,a);
683 } while (j < 64);
684
685 /* Compute the current intermediate hash value */
686 context->state[0] += a;
687 context->state[1] += b;
688 context->state[2] += c;
689 context->state[3] += d;
690 context->state[4] += e;
691 context->state[5] += f;
692 context->state[6] += g;
693 context->state[7] += h;
694
695 /* Clean up */
696 a = b = c = d = e = f = g = h = T1 = 0;
697 }
698
699 #else /* ISC_SHA2_UNROLL_TRANSFORM */
700
701 void
702 isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
703 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
704 isc_uint32_t T1, T2, *W256;
705 int j;
706
707 W256 = (isc_uint32_t*)context->buffer;
708
709 /* Initialize registers with the prev. intermediate value */
710 a = context->state[0];
711 b = context->state[1];
712 c = context->state[2];
713 d = context->state[3];
714 e = context->state[4];
715 f = context->state[5];
716 g = context->state[6];
717 h = context->state[7];
718
719 j = 0;
720 do {
721 #if BYTE_ORDER == LITTLE_ENDIAN
722 /* Copy data while converting to host byte order */
723 REVERSE32(*data++,W256[j]);
724 /* Apply the SHA-256 compression function to update a..h */
725 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
726 #else /* BYTE_ORDER == LITTLE_ENDIAN */
727 /* Apply the SHA-256 compression function to update a..h with copy */
728 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
729 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
730 T2 = Sigma0_256(a) + Maj(a, b, c);
731 h = g;
732 g = f;
733 f = e;
734 e = d + T1;
735 d = c;
736 c = b;
737 b = a;
738 a = T1 + T2;
739
740 j++;
741 } while (j < 16);
742
743 do {
744 /* Part of the message block expansion: */
745 s0 = W256[(j+1)&0x0f];
746 s0 = sigma0_256(s0);
747 s1 = W256[(j+14)&0x0f];
748 s1 = sigma1_256(s1);
749
750 /* Apply the SHA-256 compression function to update a..h */
751 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
752 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
753 T2 = Sigma0_256(a) + Maj(a, b, c);
754 h = g;
755 g = f;
756 f = e;
757 e = d + T1;
758 d = c;
759 c = b;
760 b = a;
761 a = T1 + T2;
762
763 j++;
764 } while (j < 64);
765
766 /* Compute the current intermediate hash value */
767 context->state[0] += a;
768 context->state[1] += b;
769 context->state[2] += c;
770 context->state[3] += d;
771 context->state[4] += e;
772 context->state[5] += f;
773 context->state[6] += g;
774 context->state[7] += h;
775
776 /* Clean up */
777 a = b = c = d = e = f = g = h = T1 = T2 = 0;
778 }
779
780 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
781
782 void
783 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
784 unsigned int freespace, usedspace;
785
786 if (len == 0U) {
787 /* Calling with no data is valid - we do nothing */
788 return;
789 }
790
791 /* Sanity check: */
792 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
793
794 usedspace = (unsigned int)((context->bitcount >> 3) %
795 ISC_SHA256_BLOCK_LENGTH);
796 if (usedspace > 0) {
797 /* Calculate how much free space is available in the buffer */
798 freespace = ISC_SHA256_BLOCK_LENGTH - usedspace;
799
800 if (len >= freespace) {
801 /* Fill the buffer completely and process it */
802 memcpy(&context->buffer[usedspace], data, freespace);
803 context->bitcount += freespace << 3;
804 len -= freespace;
805 data += freespace;
806 isc_sha256_transform(context,
807 (isc_uint32_t*)context->buffer);
808 } else {
809 /* The buffer is not yet full */
810 memcpy(&context->buffer[usedspace], data, len);
811 context->bitcount += len << 3;
812 /* Clean up: */
813 usedspace = freespace = 0;
814 return;
815 }
816 }
817 while (len >= ISC_SHA256_BLOCK_LENGTH) {
818 /* Process as many complete blocks as we can */
819 memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH);
820 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
821 context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3;
822 len -= ISC_SHA256_BLOCK_LENGTH;
823 data += ISC_SHA256_BLOCK_LENGTH;
824 }
825 if (len > 0U) {
826 /* There's left-overs, so save 'em */
827 memcpy(context->buffer, data, len);
828 context->bitcount += len << 3;
829 }
830 /* Clean up: */
831 usedspace = freespace = 0;
832 }
833
834 void
835 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
836 isc_uint32_t *d = (isc_uint32_t*)digest;
837 unsigned int usedspace;
838
839 /* Sanity check: */
840 REQUIRE(context != (isc_sha256_t *)0);
841
842 /* If no digest buffer is passed, we don't bother doing this: */
843 if (digest != (isc_uint8_t*)0) {
844 usedspace = (unsigned int)((context->bitcount >> 3) %
845 ISC_SHA256_BLOCK_LENGTH);
846 #if BYTE_ORDER == LITTLE_ENDIAN
847 /* Convert FROM host byte order */
848 REVERSE64(context->bitcount,context->bitcount);
849 #endif
850 if (usedspace > 0) {
851 /* Begin padding with a 1 bit: */
852 context->buffer[usedspace++] = 0x80;
853
854 if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) {
855 /* Set-up for the last transform: */
856 memset(&context->buffer[usedspace], 0,
857 ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace);
858 } else {
859 if (usedspace < ISC_SHA256_BLOCK_LENGTH) {
860 memset(&context->buffer[usedspace], 0,
861 ISC_SHA256_BLOCK_LENGTH -
862 usedspace);
863 }
864 /* Do second-to-last transform: */
865 isc_sha256_transform(context,
866 (isc_uint32_t*)context->buffer);
867
868 /* And set-up for the last transform: */
869 memset(context->buffer, 0,
870 ISC_SHA256_SHORT_BLOCK_LENGTH);
871 }
872 } else {
873 /* Set-up for the last transform: */
874 memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH);
875
876 /* Begin padding with a 1 bit: */
877 *context->buffer = 0x80;
878 }
879 /* Set the bit count: */
880 *(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
881
882 /* Final transform: */
883 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
884
885 #if BYTE_ORDER == LITTLE_ENDIAN
886 {
887 /* Convert TO host byte order */
888 int j;
889 for (j = 0; j < 8; j++) {
890 REVERSE32(context->state[j],context->state[j]);
891 *d++ = context->state[j];
892 }
893 }
894 #else
895 memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH);
896 #endif
897 }
898
899 /* Clean up state data: */
900 memset(context, 0, sizeof(context));
901 usedspace = 0;
902 }
903
904 /*** SHA-512: *********************************************************/
905 void
906 isc_sha512_init(isc_sha512_t *context) {
907 if (context == (isc_sha512_t *)0) {
908 return;
909 }
910 memcpy(context->state, sha512_initial_hash_value,
911 ISC_SHA512_DIGESTLENGTH);
912 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH);
913 context->bitcount[0] = context->bitcount[1] = 0;
914 }
915
916 void
917 isc_sha512_invalidate(isc_sha512_t *context) {
918 memset(context, 0, sizeof(isc_sha512_t));
919 }
920
921 #ifdef ISC_SHA2_UNROLL_TRANSFORM
922
923 /* Unrolled SHA-512 round macros: */
924 #if BYTE_ORDER == LITTLE_ENDIAN
925
926 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
927 REVERSE64(*data++, W512[j]); \
928 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
929 K512[j] + W512[j]; \
930 (d) += T1, \
931 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
932 j++
933
934
935 #else /* BYTE_ORDER == LITTLE_ENDIAN */
936
937 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
938 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
939 K512[j] + (W512[j] = *data++); \
940 (d) += T1; \
941 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
942 j++
943
944 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
945
946 #define ROUND512(a,b,c,d,e,f,g,h) \
947 s0 = W512[(j+1)&0x0f]; \
948 s0 = sigma0_512(s0); \
949 s1 = W512[(j+14)&0x0f]; \
950 s1 = sigma1_512(s1); \
951 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
952 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
953 (d) += T1; \
954 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
955 j++
956
957 void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
958 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
959 isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer;
960 int j;
961
962 /* Initialize registers with the prev. intermediate value */
963 a = context->state[0];
964 b = context->state[1];
965 c = context->state[2];
966 d = context->state[3];
967 e = context->state[4];
968 f = context->state[5];
969 g = context->state[6];
970 h = context->state[7];
971
972 j = 0;
973 do {
974 ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
975 ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
976 ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
977 ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
978 ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
979 ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
980 ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
981 ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
982 } while (j < 16);
983
984 /* Now for the remaining rounds up to 79: */
985 do {
986 ROUND512(a,b,c,d,e,f,g,h);
987 ROUND512(h,a,b,c,d,e,f,g);
988 ROUND512(g,h,a,b,c,d,e,f);
989 ROUND512(f,g,h,a,b,c,d,e);
990 ROUND512(e,f,g,h,a,b,c,d);
991 ROUND512(d,e,f,g,h,a,b,c);
992 ROUND512(c,d,e,f,g,h,a,b);
993 ROUND512(b,c,d,e,f,g,h,a);
994 } while (j < 80);
995
996 /* Compute the current intermediate hash value */
997 context->state[0] += a;
998 context->state[1] += b;
999 context->state[2] += c;
1000 context->state[3] += d;
1001 context->state[4] += e;
1002 context->state[5] += f;
1003 context->state[6] += g;
1004 context->state[7] += h;
1005
1006 /* Clean up */
1007 a = b = c = d = e = f = g = h = T1 = 0;
1008 }
1009
1010 #else /* ISC_SHA2_UNROLL_TRANSFORM */
1011
1012 void
1013 isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
1014 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
1015 isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer;
1016 int j;
1017
1018 /* Initialize registers with the prev. intermediate value */
1019 a = context->state[0];
1020 b = context->state[1];
1021 c = context->state[2];
1022 d = context->state[3];
1023 e = context->state[4];
1024 f = context->state[5];
1025 g = context->state[6];
1026 h = context->state[7];
1027
1028 j = 0;
1029 do {
1030 #if BYTE_ORDER == LITTLE_ENDIAN
1031 /* Convert TO host byte order */
1032 REVERSE64(*data++, W512[j]);
1033 /* Apply the SHA-512 compression function to update a..h */
1034 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
1035 #else /* BYTE_ORDER == LITTLE_ENDIAN */
1036 /* Apply the SHA-512 compression function to update a..h with copy */
1037 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
1038 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
1039 T2 = Sigma0_512(a) + Maj(a, b, c);
1040 h = g;
1041 g = f;
1042 f = e;
1043 e = d + T1;
1044 d = c;
1045 c = b;
1046 b = a;
1047 a = T1 + T2;
1048
1049 j++;
1050 } while (j < 16);
1051
1052 do {
1053 /* Part of the message block expansion: */
1054 s0 = W512[(j+1)&0x0f];
1055 s0 = sigma0_512(s0);
1056 s1 = W512[(j+14)&0x0f];
1057 s1 = sigma1_512(s1);
1058
1059 /* Apply the SHA-512 compression function to update a..h */
1060 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
1061 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
1062 T2 = Sigma0_512(a) + Maj(a, b, c);
1063 h = g;
1064 g = f;
1065 f = e;
1066 e = d + T1;
1067 d = c;
1068 c = b;
1069 b = a;
1070 a = T1 + T2;
1071
1072 j++;
1073 } while (j < 80);
1074
1075 /* Compute the current intermediate hash value */
1076 context->state[0] += a;
1077 context->state[1] += b;
1078 context->state[2] += c;
1079 context->state[3] += d;
1080 context->state[4] += e;
1081 context->state[5] += f;
1082 context->state[6] += g;
1083 context->state[7] += h;
1084
1085 /* Clean up */
1086 a = b = c = d = e = f = g = h = T1 = T2 = 0;
1087 }
1088
1089 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
1090
1091 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
1092 unsigned int freespace, usedspace;
1093
1094 if (len == 0U) {
1095 /* Calling with no data is valid - we do nothing */
1096 return;
1097 }
1098
1099 /* Sanity check: */
1100 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
1101
1102 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1103 ISC_SHA512_BLOCK_LENGTH);
1104 if (usedspace > 0) {
1105 /* Calculate how much free space is available in the buffer */
1106 freespace = ISC_SHA512_BLOCK_LENGTH - usedspace;
1107
1108 if (len >= freespace) {
1109 /* Fill the buffer completely and process it */
1110 memcpy(&context->buffer[usedspace], data, freespace);
1111 ADDINC128(context->bitcount, freespace << 3);
1112 len -= freespace;
1113 data += freespace;
1114 isc_sha512_transform(context,
1115 (isc_uint64_t*)context->buffer);
1116 } else {
1117 /* The buffer is not yet full */
1118 memcpy(&context->buffer[usedspace], data, len);
1119 ADDINC128(context->bitcount, len << 3);
1120 /* Clean up: */
1121 usedspace = freespace = 0;
1122 return;
1123 }
1124 }
1125 while (len >= ISC_SHA512_BLOCK_LENGTH) {
1126 /* Process as many complete blocks as we can */
1127 memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH);
1128 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1129 ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3);
1130 len -= ISC_SHA512_BLOCK_LENGTH;
1131 data += ISC_SHA512_BLOCK_LENGTH;
1132 }
1133 if (len > 0U) {
1134 /* There's left-overs, so save 'em */
1135 memcpy(context->buffer, data, len);
1136 ADDINC128(context->bitcount, len << 3);
1137 }
1138 /* Clean up: */
1139 usedspace = freespace = 0;
1140 }
1141
1142 void isc_sha512_last(isc_sha512_t *context) {
1143 unsigned int usedspace;
1144
1145 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1146 ISC_SHA512_BLOCK_LENGTH);
1147 #if BYTE_ORDER == LITTLE_ENDIAN
1148 /* Convert FROM host byte order */
1149 REVERSE64(context->bitcount[0],context->bitcount[0]);
1150 REVERSE64(context->bitcount[1],context->bitcount[1]);
1151 #endif
1152 if (usedspace > 0) {
1153 /* Begin padding with a 1 bit: */
1154 context->buffer[usedspace++] = 0x80;
1155
1156 if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) {
1157 /* Set-up for the last transform: */
1158 memset(&context->buffer[usedspace], 0,
1159 ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace);
1160 } else {
1161 if (usedspace < ISC_SHA512_BLOCK_LENGTH) {
1162 memset(&context->buffer[usedspace], 0,
1163 ISC_SHA512_BLOCK_LENGTH - usedspace);
1164 }
1165 /* Do second-to-last transform: */
1166 isc_sha512_transform(context,
1167 (isc_uint64_t*)context->buffer);
1168
1169 /* And set-up for the last transform: */
1170 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2);
1171 }
1172 } else {
1173 /* Prepare for final transform: */
1174 memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH);
1175
1176 /* Begin padding with a 1 bit: */
1177 *context->buffer = 0x80;
1178 }
1179 /* Store the length of input data (in bits): */
1180 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
1181 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
1182
1183 /* Final transform: */
1184 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1185 }
1186
1187 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
1188 isc_uint64_t *d = (isc_uint64_t*)digest;
1189
1190 /* Sanity check: */
1191 REQUIRE(context != (isc_sha512_t *)0);
1192
1193 /* If no digest buffer is passed, we don't bother doing this: */
1194 if (digest != (isc_uint8_t*)0) {
1195 isc_sha512_last(context);
1196
1197 /* Save the hash data for output: */
1198 #if BYTE_ORDER == LITTLE_ENDIAN
1199 {
1200 /* Convert TO host byte order */
1201 int j;
1202 for (j = 0; j < 8; j++) {
1203 REVERSE64(context->state[j],context->state[j]);
1204 *d++ = context->state[j];
1205 }
1206 }
1207 #else
1208 memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH);
1209 #endif
1210 }
1211
1212 /* Zero out state data */
1213 memset(context, 0, sizeof(context));
1214 }
1215
1216
1217 /*** SHA-384: *********************************************************/
1218 void
1219 isc_sha384_init(isc_sha384_t *context) {
1220 if (context == (isc_sha384_t *)0) {
1221 return;
1222 }
1223 memcpy(context->state, sha384_initial_hash_value,
1224 ISC_SHA512_DIGESTLENGTH);
1225 memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH);
1226 context->bitcount[0] = context->bitcount[1] = 0;
1227 }
1228
1229 void
1230 isc_sha384_invalidate(isc_sha384_t *context) {
1231 memset(context, 0, sizeof(isc_sha384_t));
1232 }
1233
1234 void
1235 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
1236 isc_sha512_update((isc_sha512_t *)context, data, len);
1237 }
1238
1239 void
1240 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
1241 isc_uint64_t *d = (isc_uint64_t*)digest;
1242
1243 /* Sanity check: */
1244 REQUIRE(context != (isc_sha384_t *)0);
1245
1246 /* If no digest buffer is passed, we don't bother doing this: */
1247 if (digest != (isc_uint8_t*)0) {
1248 isc_sha512_last((isc_sha512_t *)context);
1249
1250 /* Save the hash data for output: */
1251 #if BYTE_ORDER == LITTLE_ENDIAN
1252 {
1253 /* Convert TO host byte order */
1254 int j;
1255 for (j = 0; j < 6; j++) {
1256 REVERSE64(context->state[j],context->state[j]);
1257 *d++ = context->state[j];
1258 }
1259 }
1260 #else
1261 memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH);
1262 #endif
1263 }
1264
1265 /* Zero out state data */
1266 memset(context, 0, sizeof(context));
1267 }
1268 #endif /* !ISC_PLATFORM_OPENSSLHASH */
1269
1270 /*
1271 * Constant used by SHA256/384/512_End() functions for converting the
1272 * digest to a readable hexadecimal character string:
1273 */
1274 static const char *sha2_hex_digits = "0123456789abcdef";
1275
1276 char *
1277 isc_sha224_end(isc_sha224_t *context, char buffer[]) {
1278 isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest;
1279 unsigned int i;
1280
1281 /* Sanity check: */
1282 REQUIRE(context != (isc_sha224_t *)0);
1283
1284 if (buffer != (char*)0) {
1285 isc_sha224_final(digest, context);
1286
1287 for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
1288 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1289 *buffer++ = sha2_hex_digits[*d & 0x0f];
1290 d++;
1291 }
1292 *buffer = (char)0;
1293 } else {
1294 #ifdef ISC_PLATFORM_OPENSSLHASH
1295 EVP_MD_CTX_cleanup(context);
1296 #else
1297 memset(context, 0, sizeof(context));
1298 #endif
1299 }
1300 memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
1301 return buffer;
1302 }
1303
1304 char *
1305 isc_sha224_data(const isc_uint8_t *data, size_t len,
1306 char digest[ISC_SHA224_DIGESTSTRINGLENGTH])
1307 {
1308 isc_sha224_t context;
1309
1310 isc_sha224_init(&context);
1311 isc_sha224_update(&context, data, len);
1312 return (isc_sha224_end(&context, digest));
1313 }
1314
1315 char *
1316 isc_sha256_end(isc_sha256_t *context, char buffer[]) {
1317 isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest;
1318 unsigned int i;
1319
1320 /* Sanity check: */
1321 REQUIRE(context != (isc_sha256_t *)0);
1322
1323 if (buffer != (char*)0) {
1324 isc_sha256_final(digest, context);
1325
1326 for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
1327 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1328 *buffer++ = sha2_hex_digits[*d & 0x0f];
1329 d++;
1330 }
1331 *buffer = (char)0;
1332 } else {
1333 #ifdef ISC_PLATFORM_OPENSSLHASH
1334 EVP_MD_CTX_cleanup(context);
1335 #else
1336 memset(context, 0, sizeof(context));
1337 #endif
1338 }
1339 memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
1340 return buffer;
1341 }
1342
1343 char *
1344 isc_sha256_data(const isc_uint8_t* data, size_t len,
1345 char digest[ISC_SHA256_DIGESTSTRINGLENGTH])
1346 {
1347 isc_sha256_t context;
1348
1349 isc_sha256_init(&context);
1350 isc_sha256_update(&context, data, len);
1351 return (isc_sha256_end(&context, digest));
1352 }
1353
1354 char *
1355 isc_sha512_end(isc_sha512_t *context, char buffer[]) {
1356 isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest;
1357 unsigned int i;
1358
1359 /* Sanity check: */
1360 REQUIRE(context != (isc_sha512_t *)0);
1361
1362 if (buffer != (char*)0) {
1363 isc_sha512_final(digest, context);
1364
1365 for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
1366 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1367 *buffer++ = sha2_hex_digits[*d & 0x0f];
1368 d++;
1369 }
1370 *buffer = (char)0;
1371 } else {
1372 #ifdef ISC_PLATFORM_OPENSSLHASH
1373 EVP_MD_CTX_cleanup(context);
1374 #else
1375 memset(context, 0, sizeof(context));
1376 #endif
1377 }
1378 memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
1379 return buffer;
1380 }
1381
1382 char *
1383 isc_sha512_data(const isc_uint8_t *data, size_t len,
1384 char digest[ISC_SHA512_DIGESTSTRINGLENGTH])
1385 {
1386 isc_sha512_t context;
1387
1388 isc_sha512_init(&context);
1389 isc_sha512_update(&context, data, len);
1390 return (isc_sha512_end(&context, digest));
1391 }
1392
1393 char *
1394 isc_sha384_end(isc_sha384_t *context, char buffer[]) {
1395 isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest;
1396 unsigned int i;
1397
1398 /* Sanity check: */
1399 REQUIRE(context != (isc_sha384_t *)0);
1400
1401 if (buffer != (char*)0) {
1402 isc_sha384_final(digest, context);
1403
1404 for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) {
1405 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1406 *buffer++ = sha2_hex_digits[*d & 0x0f];
1407 d++;
1408 }
1409 *buffer = (char)0;
1410 } else {
1411 #ifdef ISC_PLATFORM_OPENSSLHASH
1412 EVP_MD_CTX_cleanup(context);
1413 #else
1414 memset(context, 0, sizeof(context));
1415 #endif
1416 }
1417 memset(digest, 0, ISC_SHA384_DIGESTLENGTH);
1418 return buffer;
1419 }
1420
1421 char *
1422 isc_sha384_data(const isc_uint8_t *data, size_t len,
1423 char digest[ISC_SHA384_DIGESTSTRINGLENGTH])
1424 {
1425 isc_sha384_t context;
1426
1427 isc_sha384_init(&context);
1428 isc_sha384_update(&context, data, len);
1429 return (isc_sha384_end(&context, digest));
1430 }
NetBSD on the FriendlyARM MINI2440