Lines Matching +full:sha +full:- +full:256
7 * Copyright (c) 2000-2001, Aaron D. Gifford
44 /* no-op out, similar to DEF_WEAK but only needed here */
48 #include "openbsd-compat/sha2.h"
56 * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
69 /*** SHA-224/256/384/512 Machine Architecture Definitions *****************/
74 * architecture is little-endian, make sure it also defines
84 * And for little-endian machines, add:
88 * Or for big-endian machines:
102 /*** SHA-224/256/384/512 Various Length Definitions ***********************/
104 #define SHA224_SHORT_BLOCK_LENGTH (SHA224_BLOCK_LENGTH - 8)
105 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
106 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
107 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
141 * Macro for incrementally adding the unsigned 64-bit integer n to the
142 * unsigned 128-bit integer (represented using a two-element array of
143 * 64-bit words):
154 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
157 * S is a ROTATION) because the SHA-224/256/384/512 description document
158 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
161 /* Shift-right (used in SHA-224, SHA-256, SHA-384, and SHA-512): */
163 /* 32-bit Rotate-right (used in SHA-224 and SHA-256): */
164 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
165 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
166 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
168 /* Two of six logical functions used in SHA-224, SHA-256, SHA-384, and SHA-512: */
172 /* Four of six logical functions used in SHA-224 and SHA-256: */
178 /* Four of six logical functions used in SHA-384 and SHA-512: */
185 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
186 /* Hash constant words K for SHA-224 and SHA-256: */
206 /* Initial hash value H for SHA-256: */
218 /* Hash constant words K for SHA-384 and SHA-512: */
262 /* Initial hash value H for SHA-512 */
276 /* Initial hash value H for SHA-224: */
289 /* Initial hash value H for SHA-384 */
302 /* Initial hash value H for SHA-512-256 */
314 /*** SHA-224: *********************************************************/
318 memcpy(context->state.st32, sha224_initial_hash_value,
320 memset(context->buffer, 0, sizeof(context->buffer));
321 context->bitcount[0] = 0;
342 BE_32_TO_8(digest + i * 4, context->state.st32[i]);
344 memcpy(digest, context->state.st32, SHA224_DIGEST_LENGTH);
352 /*** SHA-256: *********************************************************/
356 memcpy(context->state.st32, sha256_initial_hash_value, in SHA256Init()
358 memset(context->buffer, 0, sizeof(context->buffer)); in SHA256Init()
359 context->bitcount[0] = 0; in SHA256Init()
365 /* Unrolled SHA-256 round macros: */
467 /* Apply the SHA-256 compression function to update a..h */ in SHA256Transform()
489 /* Apply the SHA-256 compression function to update a..h */ in SHA256Transform()
531 usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH; in SHA256Update()
534 freespace = SHA256_BLOCK_LENGTH - usedspace; in SHA256Update()
538 memcpy(&context->buffer[usedspace], data, freespace); in SHA256Update()
539 context->bitcount[0] += freespace << 3; in SHA256Update()
540 len -= freespace; in SHA256Update()
542 SHA256Transform(context->state.st32, context->buffer); in SHA256Update()
545 memcpy(&context->buffer[usedspace], data, len); in SHA256Update()
546 context->bitcount[0] += (u_int64_t)len << 3; in SHA256Update()
554 SHA256Transform(context->state.st32, data); in SHA256Update()
555 context->bitcount[0] += SHA256_BLOCK_LENGTH << 3; in SHA256Update()
556 len -= SHA256_BLOCK_LENGTH; in SHA256Update()
560 /* There's left-overs, so save 'em */ in SHA256Update()
561 memcpy(context->buffer, data, len); in SHA256Update()
562 context->bitcount[0] += len << 3; in SHA256Update()
574 usedspace = (context->bitcount[0] >> 3) % SHA256_BLOCK_LENGTH; in SHA256Pad()
577 context->buffer[usedspace++] = 0x80; in SHA256Pad()
580 /* Set-up for the last transform: */ in SHA256Pad()
581 memset(&context->buffer[usedspace], 0, in SHA256Pad()
582 SHA256_SHORT_BLOCK_LENGTH - usedspace); in SHA256Pad()
585 memset(&context->buffer[usedspace], 0, in SHA256Pad()
586 SHA256_BLOCK_LENGTH - usedspace); in SHA256Pad()
588 /* Do second-to-last transform: */ in SHA256Pad()
589 SHA256Transform(context->state.st32, context->buffer); in SHA256Pad()
592 memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); in SHA256Pad()
595 /* Set-up for the last transform: */ in SHA256Pad()
596 memset(context->buffer, 0, SHA256_SHORT_BLOCK_LENGTH); in SHA256Pad()
599 *context->buffer = 0x80; in SHA256Pad()
602 BE_64_TO_8(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], in SHA256Pad()
603 context->bitcount[0]); in SHA256Pad()
606 SHA256Transform(context->state.st32, context->buffer); in SHA256Pad()
623 BE_32_TO_8(digest + i * 4, context->state.st32[i]); in SHA256Final()
625 memcpy(digest, context->state.st32, SHA256_DIGEST_LENGTH); in SHA256Final()
632 /*** SHA-512: *********************************************************/
636 memcpy(context->state.st64, sha512_initial_hash_value, in SHA512Init()
638 memset(context->buffer, 0, sizeof(context->buffer)); in SHA512Init()
639 context->bitcount[0] = context->bitcount[1] = 0; in SHA512Init()
645 /* Unrolled SHA-512 round macros: */
748 /* Apply the SHA-512 compression function to update a..h */ in SHA512Transform()
770 /* Apply the SHA-512 compression function to update a..h */ in SHA512Transform()
812 usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; in SHA512Update()
815 freespace = SHA512_BLOCK_LENGTH - usedspace; in SHA512Update()
819 memcpy(&context->buffer[usedspace], data, freespace); in SHA512Update()
820 ADDINC128(context->bitcount, freespace << 3); in SHA512Update()
821 len -= freespace; in SHA512Update()
823 SHA512Transform(context->state.st64, context->buffer); in SHA512Update()
826 memcpy(&context->buffer[usedspace], data, len); in SHA512Update()
827 ADDINC128(context->bitcount, len << 3); in SHA512Update()
835 SHA512Transform(context->state.st64, data); in SHA512Update()
836 ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); in SHA512Update()
837 len -= SHA512_BLOCK_LENGTH; in SHA512Update()
841 /* There's left-overs, so save 'em */ in SHA512Update()
842 memcpy(context->buffer, data, len); in SHA512Update()
843 ADDINC128(context->bitcount, len << 3); in SHA512Update()
855 usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; in SHA512Pad()
858 context->buffer[usedspace++] = 0x80; in SHA512Pad()
861 /* Set-up for the last transform: */ in SHA512Pad()
862 memset(&context->buffer[usedspace], 0, SHA512_SHORT_BLOCK_LENGTH - usedspace); in SHA512Pad()
865 memset(&context->buffer[usedspace], 0, SHA512_BLOCK_LENGTH - usedspace); in SHA512Pad()
867 /* Do second-to-last transform: */ in SHA512Pad()
868 SHA512Transform(context->state.st64, context->buffer); in SHA512Pad()
870 /* And set-up for the last transform: */ in SHA512Pad()
871 memset(context->buffer, 0, SHA512_BLOCK_LENGTH - 2); in SHA512Pad()
875 memset(context->buffer, 0, SHA512_SHORT_BLOCK_LENGTH); in SHA512Pad()
878 *context->buffer = 0x80; in SHA512Pad()
881 BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH], in SHA512Pad()
882 context->bitcount[1]); in SHA512Pad()
883 BE_64_TO_8(&context->buffer[SHA512_SHORT_BLOCK_LENGTH + 8], in SHA512Pad()
884 context->bitcount[0]); in SHA512Pad()
887 SHA512Transform(context->state.st64, context->buffer); in SHA512Pad()
904 BE_64_TO_8(digest + i * 8, context->state.st64[i]); in SHA512Final()
906 memcpy(digest, context->state.st64, SHA512_DIGEST_LENGTH); in SHA512Final()
914 /*** SHA-384: *********************************************************/
918 memcpy(context->state.st64, sha384_initial_hash_value, in SHA384Init()
920 memset(context->buffer, 0, sizeof(context->buffer)); in SHA384Init()
921 context->bitcount[0] = context->bitcount[1] = 0; in SHA384Init()
932 /* Equivalent of MAKE_CLONE (which is a no-op) for SHA384 funcs */
961 BE_64_TO_8(digest + i * 8, context->state.st64[i]); in SHA384Final()
963 memcpy(digest, context->state.st64, SHA384_DIGEST_LENGTH); in SHA384Final()
971 /*** SHA-512/256: *********************************************************/
975 memcpy(context->state.st64, sha512_256_initial_hash_value,
977 memset(context->buffer, 0, sizeof(context->buffer));
978 context->bitcount[0] = context->bitcount[1] = 0;
999 BE_64_TO_8(digest + i * 8, context->state.st64[i]);
1001 memcpy(digest, context->state.st64, SHA512_256_DIGEST_LENGTH);
1010 #endif /* HAVE_SHA{256,384,512}UPDATE */