search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / external / bsd / ntp / dist / lib / isc / sha2.c
blob2dbcb1b07c2e670efc642e05721266e0a83c2a1d
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /* Id: sha2.c,v 1.13.332.2 2009/01/18 23:47:41 tbox Exp */
20
21 /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
22 /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
23
24 /*
25 * sha2.c
26 *
27 * Version 1.0.0beta1
28 *
29 * Written by Aaron D. Gifford <me@aarongifford.com>
30 *
31 * Copyright 2000 Aaron D. Gifford. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the copyright holder nor the names of contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 *
57 */
58
59
60 #include <config.h>
61
62 #include <isc/assertions.h>
63 #include <isc/sha2.h>
64 #include <isc/string.h>
65 #include <isc/util.h>
66
67 /*
68 * UNROLLED TRANSFORM LOOP NOTE:
69 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
70 * loop version for the hash transform rounds (defined using macros
71 * later in this file). Either define on the command line, for example:
72 *
73 * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
74 *
75 * or define below:
76 *
77 * \#define ISC_SHA2_UNROLL_TRANSFORM
78 *
79 */
80
81 /*** SHA-256/384/512 Machine Architecture Definitions *****************/
82 /*
83 * BYTE_ORDER NOTE:
84 *
85 * Please make sure that your system defines BYTE_ORDER. If your
86 * architecture is little-endian, make sure it also defines
87 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
88 * equivalent.
89 *
90 * If your system does not define the above, then you can do so by
91 * hand like this:
92 *
93 * \#define LITTLE_ENDIAN 1234
94 * \#define BIG_ENDIAN 4321
95 *
96 * And for little-endian machines, add:
97 *
98 * \#define BYTE_ORDER LITTLE_ENDIAN
99 *
100 * Or for big-endian machines:
101 *
102 * \#define BYTE_ORDER BIG_ENDIAN
103 *
104 * The FreeBSD machine this was written on defines BYTE_ORDER
105 * appropriately by including <sys/types.h> (which in turn includes
106 * <machine/endian.h> where the appropriate definitions are actually
107 * made).
108 */
109 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
110 #ifndef BYTE_ORDER
111 #ifndef BIG_ENDIAN
112 #define BIG_ENDIAN 4321
113 #endif
114 #ifndef LITTLE_ENDIAN
115 #define LITTLE_ENDIAN 1234
116 #endif
117 #ifdef WORDS_BIGENDIAN
118 #define BYTE_ORDER BIG_ENDIAN
119 #else
120 #define BYTE_ORDER LITTLE_ENDIAN
121 #endif
122 #else
123 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
124 #endif
125 #endif
126
127 /*** SHA-256/384/512 Various Length Definitions ***********************/
128 /* NOTE: Most of these are in sha2.h */
129 #define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8)
130 #define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16)
131 #define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16)
132
133
134 /*** ENDIAN REVERSAL MACROS *******************************************/
135 #if BYTE_ORDER == LITTLE_ENDIAN
136 #define REVERSE32(w,x) { \
137 isc_uint32_t tmp = (w); \
138 tmp = (tmp >> 16) | (tmp << 16); \
139 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
140 }
141 #ifdef WIN32
142 #define REVERSE64(w,x) { \
143 isc_uint64_t tmp = (w); \
144 tmp = (tmp >> 32) | (tmp << 32); \
145 tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \
146 ((tmp & 0x00ff00ff00ff00ffUL) << 8); \
147 (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \
148 ((tmp & 0x0000ffff0000ffffUL) << 16); \
149 }
150 #else
151 #define REVERSE64(w,x) { \
152 isc_uint64_t tmp = (w); \
153 tmp = (tmp >> 32) | (tmp << 32); \
154 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
155 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
156 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
157 ((tmp & 0x0000ffff0000ffffULL) << 16); \
158 }
159 #endif
160 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
161
162 /*
163 * Macro for incrementally adding the unsigned 64-bit integer n to the
164 * unsigned 128-bit integer (represented using a two-element array of
165 * 64-bit words):
166 */
167 #define ADDINC128(w,n) { \
168 (w)[0] += (isc_uint64_t)(n); \
169 if ((w)[0] < (n)) { \
170 (w)[1]++; \
171 } \
172 }
173
174 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
175 /*
176 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
177 *
178 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
179 * S is a ROTATION) because the SHA-256/384/512 description document
180 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
181 * same "backwards" definition.
182 */
183 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
184 #define R(b,x) ((x) >> (b))
185 /* 32-bit Rotate-right (used in SHA-256): */
186 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
187 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
188 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
189
190 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
191 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
192 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
193
194 /* Four of six logical functions used in SHA-256: */
195 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
196 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
197 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
198 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
199
200 /* Four of six logical functions used in SHA-384 and SHA-512: */
201 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
202 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
203 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
204 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
205
206 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
207 /* NOTE: These should not be accessed directly from outside this
208 * library -- they are intended for private internal visibility/use
209 * only.
210 */
211 void isc_sha512_last(isc_sha512_t *);
212 void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*);
213 void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*);
214
215
216 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
217 /* Hash constant words K for SHA-224 and SHA-256: */
218 static const isc_uint32_t K256[64] = {
219 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
220 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
221 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
222 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
223 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
224 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
225 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
226 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
227 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
228 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
229 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
230 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
231 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
232 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
233 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
234 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
235 };
236
237 /* Initial hash value H for SHA-224: */
238 static const isc_uint32_t sha224_initial_hash_value[8] = {
239 0xc1059ed8UL,
240 0x367cd507UL,
241 0x3070dd17UL,
242 0xf70e5939UL,
243 0xffc00b31UL,
244 0x68581511UL,
245 0x64f98fa7UL,
246 0xbefa4fa4UL
247 };
248
249 /* Initial hash value H for SHA-256: */
250 static const isc_uint32_t sha256_initial_hash_value[8] = {
251 0x6a09e667UL,
252 0xbb67ae85UL,
253 0x3c6ef372UL,
254 0xa54ff53aUL,
255 0x510e527fUL,
256 0x9b05688cUL,
257 0x1f83d9abUL,
258 0x5be0cd19UL
259 };
260
261 #ifdef WIN32
262 /* Hash constant words K for SHA-384 and SHA-512: */
263 static const isc_uint64_t K512[80] = {
264 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
265 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
266 0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
267 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL,
268 0xd807aa98a3030242UL, 0x12835b0145706fbeUL,
269 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL,
270 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL,
271 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL,
272 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL,
273 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL,
274 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL,
275 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL,
276 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL,
277 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL,
278 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL,
279 0x06ca6351e003826fUL, 0x142929670a0e6e70UL,
280 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL,
281 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL,
282 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL,
283 0x81c2c92e47edaee6UL, 0x92722c851482353bUL,
284 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL,
285 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL,
286 0xd192e819d6ef5218UL, 0xd69906245565a910UL,
287 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL,
288 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL,
289 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL,
290 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL,
291 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL,
292 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL,
293 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL,
294 0x90befffa23631e28UL, 0xa4506cebde82bde9UL,
295 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL,
296 0xca273eceea26619cUL, 0xd186b8c721c0c207UL,
297 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL,
298 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL,
299 0x113f9804bef90daeUL, 0x1b710b35131c471bUL,
300 0x28db77f523047d84UL, 0x32caab7b40c72493UL,
301 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL,
302 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL,
303 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL
304 };
305
306 /* Initial hash value H for SHA-384: */
307 static const isc_uint64_t sha384_initial_hash_value[8] = {
308 0xcbbb9d5dc1059ed8UL,
309 0x629a292a367cd507UL,
310 0x9159015a3070dd17UL,
311 0x152fecd8f70e5939UL,
312 0x67332667ffc00b31UL,
313 0x8eb44a8768581511UL,
314 0xdb0c2e0d64f98fa7UL,
315 0x47b5481dbefa4fa4UL
316 };
317
318 /* Initial hash value H for SHA-512: */
319 static const isc_uint64_t sha512_initial_hash_value[8] = {
320 0x6a09e667f3bcc908U,
321 0xbb67ae8584caa73bUL,
322 0x3c6ef372fe94f82bUL,
323 0xa54ff53a5f1d36f1UL,
324 0x510e527fade682d1UL,
325 0x9b05688c2b3e6c1fUL,
326 0x1f83d9abfb41bd6bUL,
327 0x5be0cd19137e2179UL
328 };
329 #else
330 /* Hash constant words K for SHA-384 and SHA-512: */
331 static const isc_uint64_t K512[80] = {
332 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
333 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
334 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
335 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
336 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
337 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
338 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
339 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
340 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
341 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
342 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
343 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
344 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
345 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
346 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
347 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
348 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
349 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
350 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
351 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
352 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
353 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
354 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
355 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
356 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
357 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
358 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
359 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
360 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
361 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
362 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
363 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
364 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
365 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
366 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
367 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
368 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
369 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
370 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
371 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
372 };
373
374 /* Initial hash value H for SHA-384: */
375 static const isc_uint64_t sha384_initial_hash_value[8] = {
376 0xcbbb9d5dc1059ed8ULL,
377 0x629a292a367cd507ULL,
378 0x9159015a3070dd17ULL,
379 0x152fecd8f70e5939ULL,
380 0x67332667ffc00b31ULL,
381 0x8eb44a8768581511ULL,
382 0xdb0c2e0d64f98fa7ULL,
383 0x47b5481dbefa4fa4ULL
384 };
385
386 /* Initial hash value H for SHA-512: */
387 static const isc_uint64_t sha512_initial_hash_value[8] = {
388 0x6a09e667f3bcc908ULL,
389 0xbb67ae8584caa73bULL,
390 0x3c6ef372fe94f82bULL,
391 0xa54ff53a5f1d36f1ULL,
392 0x510e527fade682d1ULL,
393 0x9b05688c2b3e6c1fULL,
394 0x1f83d9abfb41bd6bULL,
395 0x5be0cd19137e2179ULL
396 };
397 #endif
398
399 /*
400 * Constant used by SHA256/384/512_End() functions for converting the
401 * digest to a readable hexadecimal character string:
402 */
403 static const char *sha2_hex_digits = "0123456789abcdef";
404
405
406
407 /*** SHA-224: *********************************************************/
408 void
409 isc_sha224_init(isc_sha224_t *context) {
410 if (context == (isc_sha256_t *)0) {
411 return;
412 }
413 memcpy(context->state, sha224_initial_hash_value,
414 ISC_SHA256_DIGESTLENGTH);
415 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
416 context->bitcount = 0;
417 }
418
419 void
420 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
421 isc_sha256_update((isc_sha256_t *)context, data, len);
422 }
423
424 void
425 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
426 isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH];
427 isc_sha256_final(sha256_digest, (isc_sha256_t *)context);
428 memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);
429 memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH);
430 }
431
432 char *
433 isc_sha224_end(isc_sha224_t *context, char buffer[]) {
434 isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest;
435 unsigned int i;
436
437 /* Sanity check: */
438 REQUIRE(context != (isc_sha224_t *)0);
439
440 if (buffer != (char*)0) {
441 isc_sha224_final(digest, context);
442
443 for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
444 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
445 *buffer++ = sha2_hex_digits[*d & 0x0f];
446 d++;
447 }
448 *buffer = (char)0;
449 } else {
450 memset(context, 0, sizeof(context));
451 }
452 memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
453 return buffer;
454 }
455
456 char*
457 isc_sha224_data(const isc_uint8_t *data, size_t len,
458 char digest[ISC_SHA224_DIGESTSTRINGLENGTH])
459 {
460 isc_sha224_t context;
461
462 isc_sha224_init(&context);
463 isc_sha224_update(&context, data, len);
464 return (isc_sha224_end(&context, digest));
465 }
466
467 /*** SHA-256: *********************************************************/
468 void
469 isc_sha256_init(isc_sha256_t *context) {
470 if (context == (isc_sha256_t *)0) {
471 return;
472 }
473 memcpy(context->state, sha256_initial_hash_value,
474 ISC_SHA256_DIGESTLENGTH);
475 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
476 context->bitcount = 0;
477 }
478
479 #ifdef ISC_SHA2_UNROLL_TRANSFORM
480
481 /* Unrolled SHA-256 round macros: */
482
483 #if BYTE_ORDER == LITTLE_ENDIAN
484
485 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
486 REVERSE32(*data++, W256[j]); \
487 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
488 K256[j] + W256[j]; \
489 (d) += T1; \
490 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
491 j++
492
493
494 #else /* BYTE_ORDER == LITTLE_ENDIAN */
495
496 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
497 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
498 K256[j] + (W256[j] = *data++); \
499 (d) += T1; \
500 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
501 j++
502
503 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
504
505 #define ROUND256(a,b,c,d,e,f,g,h) \
506 s0 = W256[(j+1)&0x0f]; \
507 s0 = sigma0_256(s0); \
508 s1 = W256[(j+14)&0x0f]; \
509 s1 = sigma1_256(s1); \
510 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
511 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
512 (d) += T1; \
513 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
514 j++
515
516 void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
517 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
518 isc_uint32_t T1, *W256;
519 int j;
520
521 W256 = (isc_uint32_t*)context->buffer;
522
523 /* Initialize registers with the prev. intermediate value */
524 a = context->state[0];
525 b = context->state[1];
526 c = context->state[2];
527 d = context->state[3];
528 e = context->state[4];
529 f = context->state[5];
530 g = context->state[6];
531 h = context->state[7];
532
533 j = 0;
534 do {
535 /* Rounds 0 to 15 (unrolled): */
536 ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
537 ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
538 ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
539 ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
540 ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
541 ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
542 ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
543 ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
544 } while (j < 16);
545
546 /* Now for the remaining rounds to 64: */
547 do {
548 ROUND256(a,b,c,d,e,f,g,h);
549 ROUND256(h,a,b,c,d,e,f,g);
550 ROUND256(g,h,a,b,c,d,e,f);
551 ROUND256(f,g,h,a,b,c,d,e);
552 ROUND256(e,f,g,h,a,b,c,d);
553 ROUND256(d,e,f,g,h,a,b,c);
554 ROUND256(c,d,e,f,g,h,a,b);
555 ROUND256(b,c,d,e,f,g,h,a);
556 } while (j < 64);
557
558 /* Compute the current intermediate hash value */
559 context->state[0] += a;
560 context->state[1] += b;
561 context->state[2] += c;
562 context->state[3] += d;
563 context->state[4] += e;
564 context->state[5] += f;
565 context->state[6] += g;
566 context->state[7] += h;
567
568 /* Clean up */
569 a = b = c = d = e = f = g = h = T1 = 0;
570 }
571
572 #else /* ISC_SHA2_UNROLL_TRANSFORM */
573
574 void
575 isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
576 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
577 isc_uint32_t T1, T2, *W256;
578 int j;
579
580 W256 = (isc_uint32_t*)context->buffer;
581
582 /* Initialize registers with the prev. intermediate value */
583 a = context->state[0];
584 b = context->state[1];
585 c = context->state[2];
586 d = context->state[3];
587 e = context->state[4];
588 f = context->state[5];
589 g = context->state[6];
590 h = context->state[7];
591
592 j = 0;
593 do {
594 #if BYTE_ORDER == LITTLE_ENDIAN
595 /* Copy data while converting to host byte order */
596 REVERSE32(*data++,W256[j]);
597 /* Apply the SHA-256 compression function to update a..h */
598 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
599 #else /* BYTE_ORDER == LITTLE_ENDIAN */
600 /* Apply the SHA-256 compression function to update a..h with copy */
601 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
602 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
603 T2 = Sigma0_256(a) + Maj(a, b, c);
604 h = g;
605 g = f;
606 f = e;
607 e = d + T1;
608 d = c;
609 c = b;
610 b = a;
611 a = T1 + T2;
612
613 j++;
614 } while (j < 16);
615
616 do {
617 /* Part of the message block expansion: */
618 s0 = W256[(j+1)&0x0f];
619 s0 = sigma0_256(s0);
620 s1 = W256[(j+14)&0x0f];
621 s1 = sigma1_256(s1);
622
623 /* Apply the SHA-256 compression function to update a..h */
624 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
625 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
626 T2 = Sigma0_256(a) + Maj(a, b, c);
627 h = g;
628 g = f;
629 f = e;
630 e = d + T1;
631 d = c;
632 c = b;
633 b = a;
634 a = T1 + T2;
635
636 j++;
637 } while (j < 64);
638
639 /* Compute the current intermediate hash value */
640 context->state[0] += a;
641 context->state[1] += b;
642 context->state[2] += c;
643 context->state[3] += d;
644 context->state[4] += e;
645 context->state[5] += f;
646 context->state[6] += g;
647 context->state[7] += h;
648
649 /* Clean up */
650 a = b = c = d = e = f = g = h = T1 = T2 = 0;
651 }
652
653 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
654
655 void
656 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
657 unsigned int freespace, usedspace;
658
659 if (len == 0U) {
660 /* Calling with no data is valid - we do nothing */
661 return;
662 }
663
664 /* Sanity check: */
665 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
666
667 usedspace = (unsigned int)((context->bitcount >> 3) %
668 ISC_SHA256_BLOCK_LENGTH);
669 if (usedspace > 0) {
670 /* Calculate how much free space is available in the buffer */
671 freespace = ISC_SHA256_BLOCK_LENGTH - usedspace;
672
673 if (len >= freespace) {
674 /* Fill the buffer completely and process it */
675 memcpy(&context->buffer[usedspace], data, freespace);
676 context->bitcount += freespace << 3;
677 len -= freespace;
678 data += freespace;
679 isc_sha256_transform(context,
680 (isc_uint32_t*)context->buffer);
681 } else {
682 /* The buffer is not yet full */
683 memcpy(&context->buffer[usedspace], data, len);
684 context->bitcount += len << 3;
685 /* Clean up: */
686 usedspace = freespace = 0;
687 return;
688 }
689 }
690 while (len >= ISC_SHA256_BLOCK_LENGTH) {
691 /* Process as many complete blocks as we can */
692 memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH);
693 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
694 context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3;
695 len -= ISC_SHA256_BLOCK_LENGTH;
696 data += ISC_SHA256_BLOCK_LENGTH;
697 }
698 if (len > 0U) {
699 /* There's left-overs, so save 'em */
700 memcpy(context->buffer, data, len);
701 context->bitcount += len << 3;
702 }
703 /* Clean up: */
704 usedspace = freespace = 0;
705 }
706
707 void
708 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
709 isc_uint32_t *d = (isc_uint32_t*)digest;
710 unsigned int usedspace;
711
712 /* Sanity check: */
713 REQUIRE(context != (isc_sha256_t *)0);
714
715 /* If no digest buffer is passed, we don't bother doing this: */
716 if (digest != (isc_uint8_t*)0) {
717 usedspace = (unsigned int)((context->bitcount >> 3) %
718 ISC_SHA256_BLOCK_LENGTH);
719 #if BYTE_ORDER == LITTLE_ENDIAN
720 /* Convert FROM host byte order */
721 REVERSE64(context->bitcount,context->bitcount);
722 #endif
723 if (usedspace > 0) {
724 /* Begin padding with a 1 bit: */
725 context->buffer[usedspace++] = 0x80;
726
727 if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) {
728 /* Set-up for the last transform: */
729 memset(&context->buffer[usedspace], 0,
730 ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace);
731 } else {
732 if (usedspace < ISC_SHA256_BLOCK_LENGTH) {
733 memset(&context->buffer[usedspace], 0,
734 ISC_SHA256_BLOCK_LENGTH -
735 usedspace);
736 }
737 /* Do second-to-last transform: */
738 isc_sha256_transform(context,
739 (isc_uint32_t*)context->buffer);
740
741 /* And set-up for the last transform: */
742 memset(context->buffer, 0,
743 ISC_SHA256_SHORT_BLOCK_LENGTH);
744 }
745 } else {
746 /* Set-up for the last transform: */
747 memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH);
748
749 /* Begin padding with a 1 bit: */
750 *context->buffer = 0x80;
751 }
752 /* Set the bit count: */
753 *(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
754
755 /* Final transform: */
756 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
757
758 #if BYTE_ORDER == LITTLE_ENDIAN
759 {
760 /* Convert TO host byte order */
761 int j;
762 for (j = 0; j < 8; j++) {
763 REVERSE32(context->state[j],context->state[j]);
764 *d++ = context->state[j];
765 }
766 }
767 #else
768 memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH);
769 #endif
770 }
771
772 /* Clean up state data: */
773 memset(context, 0, sizeof(context));
774 usedspace = 0;
775 }
776
777 char *
778 isc_sha256_end(isc_sha256_t *context, char buffer[]) {
779 isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest;
780 unsigned int i;
781
782 /* Sanity check: */
783 REQUIRE(context != (isc_sha256_t *)0);
784
785 if (buffer != (char*)0) {
786 isc_sha256_final(digest, context);
787
788 for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
789 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
790 *buffer++ = sha2_hex_digits[*d & 0x0f];
791 d++;
792 }
793 *buffer = (char)0;
794 } else {
795 memset(context, 0, sizeof(context));
796 }
797 memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
798 return buffer;
799 }
800
801 char *
802 isc_sha256_data(const isc_uint8_t* data, size_t len,
803 char digest[ISC_SHA256_DIGESTSTRINGLENGTH])
804 {
805 isc_sha256_t context;
806
807 isc_sha256_init(&context);
808 isc_sha256_update(&context, data, len);
809 return (isc_sha256_end(&context, digest));
810 }
811
812
813 /*** SHA-512: *********************************************************/
814 void
815 isc_sha512_init(isc_sha512_t *context) {
816 if (context == (isc_sha512_t *)0) {
817 return;
818 }
819 memcpy(context->state, sha512_initial_hash_value,
820 ISC_SHA512_DIGESTLENGTH);
821 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH);
822 context->bitcount[0] = context->bitcount[1] = 0;
823 }
824
825 #ifdef ISC_SHA2_UNROLL_TRANSFORM
826
827 /* Unrolled SHA-512 round macros: */
828 #if BYTE_ORDER == LITTLE_ENDIAN
829
830 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
831 REVERSE64(*data++, W512[j]); \
832 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
833 K512[j] + W512[j]; \
834 (d) += T1, \
835 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
836 j++
837
838
839 #else /* BYTE_ORDER == LITTLE_ENDIAN */
840
841 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
842 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
843 K512[j] + (W512[j] = *data++); \
844 (d) += T1; \
845 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
846 j++
847
848 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
849
850 #define ROUND512(a,b,c,d,e,f,g,h) \
851 s0 = W512[(j+1)&0x0f]; \
852 s0 = sigma0_512(s0); \
853 s1 = W512[(j+14)&0x0f]; \
854 s1 = sigma1_512(s1); \
855 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
856 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
857 (d) += T1; \
858 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
859 j++
860
861 void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
862 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
863 isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer;
864 int j;
865
866 /* Initialize registers with the prev. intermediate value */
867 a = context->state[0];
868 b = context->state[1];
869 c = context->state[2];
870 d = context->state[3];
871 e = context->state[4];
872 f = context->state[5];
873 g = context->state[6];
874 h = context->state[7];
875
876 j = 0;
877 do {
878 ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
879 ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
880 ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
881 ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
882 ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
883 ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
884 ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
885 ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
886 } while (j < 16);
887
888 /* Now for the remaining rounds up to 79: */
889 do {
890 ROUND512(a,b,c,d,e,f,g,h);
891 ROUND512(h,a,b,c,d,e,f,g);
892 ROUND512(g,h,a,b,c,d,e,f);
893 ROUND512(f,g,h,a,b,c,d,e);
894 ROUND512(e,f,g,h,a,b,c,d);
895 ROUND512(d,e,f,g,h,a,b,c);
896 ROUND512(c,d,e,f,g,h,a,b);
897 ROUND512(b,c,d,e,f,g,h,a);
898 } while (j < 80);
899
900 /* Compute the current intermediate hash value */
901 context->state[0] += a;
902 context->state[1] += b;
903 context->state[2] += c;
904 context->state[3] += d;
905 context->state[4] += e;
906 context->state[5] += f;
907 context->state[6] += g;
908 context->state[7] += h;
909
910 /* Clean up */
911 a = b = c = d = e = f = g = h = T1 = 0;
912 }
913
914 #else /* ISC_SHA2_UNROLL_TRANSFORM */
915
916 void
917 isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
918 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
919 isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer;
920 int j;
921
922 /* Initialize registers with the prev. intermediate value */
923 a = context->state[0];
924 b = context->state[1];
925 c = context->state[2];
926 d = context->state[3];
927 e = context->state[4];
928 f = context->state[5];
929 g = context->state[6];
930 h = context->state[7];
931
932 j = 0;
933 do {
934 #if BYTE_ORDER == LITTLE_ENDIAN
935 /* Convert TO host byte order */
936 REVERSE64(*data++, W512[j]);
937 /* Apply the SHA-512 compression function to update a..h */
938 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
939 #else /* BYTE_ORDER == LITTLE_ENDIAN */
940 /* Apply the SHA-512 compression function to update a..h with copy */
941 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
942 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
943 T2 = Sigma0_512(a) + Maj(a, b, c);
944 h = g;
945 g = f;
946 f = e;
947 e = d + T1;
948 d = c;
949 c = b;
950 b = a;
951 a = T1 + T2;
952
953 j++;
954 } while (j < 16);
955
956 do {
957 /* Part of the message block expansion: */
958 s0 = W512[(j+1)&0x0f];
959 s0 = sigma0_512(s0);
960 s1 = W512[(j+14)&0x0f];
961 s1 = sigma1_512(s1);
962
963 /* Apply the SHA-512 compression function to update a..h */
964 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
965 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
966 T2 = Sigma0_512(a) + Maj(a, b, c);
967 h = g;
968 g = f;
969 f = e;
970 e = d + T1;
971 d = c;
972 c = b;
973 b = a;
974 a = T1 + T2;
975
976 j++;
977 } while (j < 80);
978
979 /* Compute the current intermediate hash value */
980 context->state[0] += a;
981 context->state[1] += b;
982 context->state[2] += c;
983 context->state[3] += d;
984 context->state[4] += e;
985 context->state[5] += f;
986 context->state[6] += g;
987 context->state[7] += h;
988
989 /* Clean up */
990 a = b = c = d = e = f = g = h = T1 = T2 = 0;
991 }
992
993 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
994
995 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
996 unsigned int freespace, usedspace;
997
998 if (len == 0U) {
999 /* Calling with no data is valid - we do nothing */
1000 return;
1001 }
1002
1003 /* Sanity check: */
1004 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
1005
1006 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1007 ISC_SHA512_BLOCK_LENGTH);
1008 if (usedspace > 0) {
1009 /* Calculate how much free space is available in the buffer */
1010 freespace = ISC_SHA512_BLOCK_LENGTH - usedspace;
1011
1012 if (len >= freespace) {
1013 /* Fill the buffer completely and process it */
1014 memcpy(&context->buffer[usedspace], data, freespace);
1015 ADDINC128(context->bitcount, freespace << 3);
1016 len -= freespace;
1017 data += freespace;
1018 isc_sha512_transform(context,
1019 (isc_uint64_t*)context->buffer);
1020 } else {
1021 /* The buffer is not yet full */
1022 memcpy(&context->buffer[usedspace], data, len);
1023 ADDINC128(context->bitcount, len << 3);
1024 /* Clean up: */
1025 usedspace = freespace = 0;
1026 return;
1027 }
1028 }
1029 while (len >= ISC_SHA512_BLOCK_LENGTH) {
1030 /* Process as many complete blocks as we can */
1031 memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH);
1032 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1033 ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3);
1034 len -= ISC_SHA512_BLOCK_LENGTH;
1035 data += ISC_SHA512_BLOCK_LENGTH;
1036 }
1037 if (len > 0U) {
1038 /* There's left-overs, so save 'em */
1039 memcpy(context->buffer, data, len);
1040 ADDINC128(context->bitcount, len << 3);
1041 }
1042 /* Clean up: */
1043 usedspace = freespace = 0;
1044 }
1045
1046 void isc_sha512_last(isc_sha512_t *context) {
1047 unsigned int usedspace;
1048
1049 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1050 ISC_SHA512_BLOCK_LENGTH);
1051 #if BYTE_ORDER == LITTLE_ENDIAN
1052 /* Convert FROM host byte order */
1053 REVERSE64(context->bitcount[0],context->bitcount[0]);
1054 REVERSE64(context->bitcount[1],context->bitcount[1]);
1055 #endif
1056 if (usedspace > 0) {
1057 /* Begin padding with a 1 bit: */
1058 context->buffer[usedspace++] = 0x80;
1059
1060 if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) {
1061 /* Set-up for the last transform: */
1062 memset(&context->buffer[usedspace], 0,
1063 ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace);
1064 } else {
1065 if (usedspace < ISC_SHA512_BLOCK_LENGTH) {
1066 memset(&context->buffer[usedspace], 0,
1067 ISC_SHA512_BLOCK_LENGTH - usedspace);
1068 }
1069 /* Do second-to-last transform: */
1070 isc_sha512_transform(context,
1071 (isc_uint64_t*)context->buffer);
1072
1073 /* And set-up for the last transform: */
1074 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2);
1075 }
1076 } else {
1077 /* Prepare for final transform: */
1078 memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH);
1079
1080 /* Begin padding with a 1 bit: */
1081 *context->buffer = 0x80;
1082 }
1083 /* Store the length of input data (in bits): */
1084 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
1085 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
1086
1087 /* Final transform: */
1088 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1089 }
1090
1091 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
1092 isc_uint64_t *d = (isc_uint64_t*)digest;
1093
1094 /* Sanity check: */
1095 REQUIRE(context != (isc_sha512_t *)0);
1096
1097 /* If no digest buffer is passed, we don't bother doing this: */
1098 if (digest != (isc_uint8_t*)0) {
1099 isc_sha512_last(context);
1100
1101 /* Save the hash data for output: */
1102 #if BYTE_ORDER == LITTLE_ENDIAN
1103 {
1104 /* Convert TO host byte order */
1105 int j;
1106 for (j = 0; j < 8; j++) {
1107 REVERSE64(context->state[j],context->state[j]);
1108 *d++ = context->state[j];
1109 }
1110 }
1111 #else
1112 memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH);
1113 #endif
1114 }
1115
1116 /* Zero out state data */
1117 memset(context, 0, sizeof(context));
1118 }
1119
1120 char *
1121 isc_sha512_end(isc_sha512_t *context, char buffer[]) {
1122 isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest;
1123 unsigned int i;
1124
1125 /* Sanity check: */
1126 REQUIRE(context != (isc_sha512_t *)0);
1127
1128 if (buffer != (char*)0) {
1129 isc_sha512_final(digest, context);
1130
1131 for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
1132 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1133 *buffer++ = sha2_hex_digits[*d & 0x0f];
1134 d++;
1135 }
1136 *buffer = (char)0;
1137 } else {
1138 memset(context, 0, sizeof(context));
1139 }
1140 memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
1141 return buffer;
1142 }
1143
1144 char *
1145 isc_sha512_data(const isc_uint8_t *data, size_t len,
1146 char digest[ISC_SHA512_DIGESTSTRINGLENGTH])
1147 {
1148 isc_sha512_t context;
1149
1150 isc_sha512_init(&context);
1151 isc_sha512_update(&context, data, len);
1152 return (isc_sha512_end(&context, digest));
1153 }
1154
1155
1156 /*** SHA-384: *********************************************************/
1157 void
1158 isc_sha384_init(isc_sha384_t *context) {
1159 if (context == (isc_sha384_t *)0) {
1160 return;
1161 }
1162 memcpy(context->state, sha384_initial_hash_value,
1163 ISC_SHA512_DIGESTLENGTH);
1164 memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH);
1165 context->bitcount[0] = context->bitcount[1] = 0;
1166 }
1167
1168 void
1169 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
1170 isc_sha512_update((isc_sha512_t *)context, data, len);
1171 }
1172
1173 void
1174 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
1175 isc_uint64_t *d = (isc_uint64_t*)digest;
1176
1177 /* Sanity check: */
1178 REQUIRE(context != (isc_sha384_t *)0);
1179
1180 /* If no digest buffer is passed, we don't bother doing this: */
1181 if (digest != (isc_uint8_t*)0) {
1182 isc_sha512_last((isc_sha512_t *)context);
1183
1184 /* Save the hash data for output: */
1185 #if BYTE_ORDER == LITTLE_ENDIAN
1186 {
1187 /* Convert TO host byte order */
1188 int j;
1189 for (j = 0; j < 6; j++) {
1190 REVERSE64(context->state[j],context->state[j]);
1191 *d++ = context->state[j];
1192 }
1193 }
1194 #else
1195 memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH);
1196 #endif
1197 }
1198
1199 /* Zero out state data */
1200 memset(context, 0, sizeof(context));
1201 }
1202
1203 char *
1204 isc_sha384_end(isc_sha384_t *context, char buffer[]) {
1205 isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest;
1206 unsigned int i;
1207
1208 /* Sanity check: */
1209 REQUIRE(context != (isc_sha384_t *)0);
1210
1211 if (buffer != (char*)0) {
1212 isc_sha384_final(digest, context);
1213
1214 for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) {
1215 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1216 *buffer++ = sha2_hex_digits[*d & 0x0f];
1217 d++;
1218 }
1219 *buffer = (char)0;
1220 } else {
1221 memset(context, 0, sizeof(context));
1222 }
1223 memset(digest, 0, ISC_SHA384_DIGESTLENGTH);
1224 return buffer;
1225 }
1226
1227 char*
1228 isc_sha384_data(const isc_uint8_t *data, size_t len,
1229 char digest[ISC_SHA384_DIGESTSTRINGLENGTH])
1230 {
1231 isc_sha384_t context;
1232
1233 isc_sha384_init(&context);
1234 isc_sha384_update(&context, data, len);
1235 return (isc_sha384_end(&context, digest));
1236 }
NetBSD on the FriendlyARM MINI2440