1 /*********************************************************************** 2 * * 3 * This software is part of the ast package * 4 * Copyright (c) 1996-2009 AT&T Intellectual Property * 5 * and is licensed under the * 6 * Common Public License, Version 1.0 * 7 * by AT&T Intellectual Property * 8 * * 9 * A copy of the License is available at * 10 * http://www.opensource.org/licenses/cpl1.0.txt * 11 * (with md5 checksum 059e8cd6165cb4c31e351f2b69388fd9) * 12 * * 13 * Information and Software Systems Research * 14 * AT&T Research * 15 * Florham Park NJ * 16 * * 17 * Glenn Fowler <gsf@research.att.com> * 18 * * 19 ***********************************************************************/ 20 #pragma prototyped 21 22 #if _typ_int64_t 23 24 /* 25 * Aaron D. Gifford's SHA {256,384,512} code transcribed into a -lsum method 26 */ 27 28 /* 29 * Copyright (c) 2000-2001, Aaron D. Gifford 30 * All rights reserved. 31 * 32 * Redistribution and use in source and binary forms, with or without 33 * modification, are permitted provided that the following conditions 34 * are met: 35 * 1. Redistributions of source code must retain the above copyright 36 * notice, this list of conditions and the following disclaimer. 37 * 2. Redistributions in binary form must reproduce the above copyright 38 * notice, this list of conditions and the following disclaimer in the 39 * documentation and/or other materials provided with the distribution. 40 * 3. Neither the name of the copyright holder nor the names of contributors 41 * may be used to endorse or promote products derived from this software 42 * without specific prior written permission. 43 * 44 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND 45 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 46 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 47 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE 48 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 49 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 50 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 52 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 53 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 54 * SUCH DAMAGE. 55 */ 56 57 /* 58 * ASSERT NOTE: 59 * Some sanity checking code is included using assert(). On my FreeBSD 60 * system, this additional code can be removed by compiling with NDEBUG 61 * defined. Check your own systems manpage on assert() to see how to 62 * compile WITHOUT the sanity checking code on your system. 63 * 64 * UNROLLED TRANSFORM LOOP NOTE: 65 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform 66 * loop version for the hash transform rounds (defined using macros 67 * later in this file). Either define on the command line, for example: 68 * 69 * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c 70 * 71 * or define below: 72 * 73 * #define SHA2_UNROLL_TRANSFORM 74 * 75 */ 76 77 /*** SHA-256/384/512 Machine Architecture Definitions *****************/ 78 79 #if _PACKAGE_ast 80 81 #ifndef __USE_BSD 82 #define __undef__USE_BSD 83 #define __USE_BSD 84 #endif 85 #include <endian.h> 86 #ifdef __undef__USE_BSD 87 #undef __undef__USE_BSD 88 #undef __USE_BSD 89 #endif 90 91 typedef uint8_t sha2_byte; /* Exactly 1 byte */ 92 typedef uint32_t sha2_word32; /* Exactly 4 bytes */ 93 typedef uint64_t sha2_word64; /* Exactly 8 bytes */ 94 95 #define assert(x) 96 97 #undef R 98 #undef S32 99 #undef S64 100 101 #else /* _PACKAGE_ast */ 102 103 /* 104 * BYTE_ORDER NOTE: 105 * 106 * Please make sure that your system defines BYTE_ORDER. If your 107 * architecture is little-endian, make sure it also defines 108 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are 109 * equivilent. 110 * 111 * If your system does not define the above, then you can do so by 112 * hand like this: 113 * 114 * #define LITTLE_ENDIAN 1234 115 * #define BIG_ENDIAN 4321 116 * 117 * And for little-endian machines, add: 118 * 119 * #define BYTE_ORDER LITTLE_ENDIAN 120 * 121 * Or for big-endian machines: 122 * 123 * #define BYTE_ORDER BIG_ENDIAN 124 * 125 * The FreeBSD machine this was written on defines BYTE_ORDER 126 * appropriately by including <sys/types.h> (which in turn includes 127 * <machine/endian.h> where the appropriate definitions are actually 128 * made). 129 */ 130 131 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 132 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 133 #endif 134 135 /* 136 * Define the following sha2_* types to types of the correct length on 137 * the native archtecture. Most BSD systems and Linux define u_intXX_t 138 * types. Machines with very recent ANSI C headers, can use the 139 * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H 140 * during compile or in the sha.h header file. 141 * 142 * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t 143 * will need to define these three typedefs below (and the appropriate 144 * ones in sha.h too) by hand according to their system architecture. 145 * 146 * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t 147 * types and pointing out recent ANSI C support for uintXX_t in inttypes.h. 148 */ 149 150 #ifdef SHA2_USE_INTTYPES_H 151 152 typedef uint8_t sha2_byte; /* Exactly 1 byte */ 153 typedef uint32_t sha2_word32; /* Exactly 4 bytes */ 154 typedef uint64_t sha2_word64; /* Exactly 8 bytes */ 155 156 #else /* SHA2_USE_INTTYPES_H */ 157 158 typedef u_int8_t sha2_byte; /* Exactly 1 byte */ 159 typedef u_int32_t sha2_word32; /* Exactly 4 bytes */ 160 typedef u_int64_t sha2_word64; /* Exactly 8 bytes */ 161 162 #endif /* SHA2_USE_INTTYPES_H */ 163 164 #endif /* _PACKAGE_ast */ 165 166 /*** SHA-256/384/512 Various Length Definitions ***********************/ 167 168 #define SHA256_BLOCK_LENGTH 64 169 #define SHA256_DIGEST_LENGTH 32 170 #define SHA384_BLOCK_LENGTH 128 171 #define SHA384_DIGEST_LENGTH 48 172 #define SHA512_BLOCK_LENGTH 128 173 #define SHA512_DIGEST_LENGTH 64 174 175 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) 176 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) 177 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) 178 179 /*** ENDIAN REVERSAL MACROS *******************************************/ 180 #if BYTE_ORDER == LITTLE_ENDIAN 181 #define REVERSE32(w,x) { \ 182 sha2_word32 tmp = (w); \ 183 tmp = (tmp >> 16) | (tmp << 16); \ 184 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ 185 } 186 #if _ast_LL 187 #define REVERSE64(w,x) { \ 188 sha2_word64 tmp = (w); \ 189 tmp = (tmp >> 32) | (tmp << 32); \ 190 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ 191 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ 192 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ 193 ((tmp & 0x0000ffff0000ffffULL) << 16); \ 194 } 195 #else 196 #define REVERSE64(w,x) { \ 197 sha2_word64 tmp = (w); \ 198 tmp = (tmp >> 32) | (tmp << 32); \ 199 tmp = ((tmp & ((sha2_word64)0xff00ff00ff00ff00)) >> 8) | \ 200 ((tmp & ((sha2_word64)0x00ff00ff00ff00ff)) << 8); \ 201 (x) = ((tmp & ((sha2_word64)0xffff0000ffff0000)) >> 16) | \ 202 ((tmp & ((sha2_word64)0x0000ffff0000ffff)) << 16); \ 203 } 204 #endif 205 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 206 207 /* 208 * Macro for incrementally adding the unsigned 64-bit integer n to the 209 * unsigned 128-bit integer (represented using a two-element array of 210 * 64-bit words): 211 */ 212 213 #define ADDINC128(w,n) { \ 214 (w)[0] += (sha2_word64)(n); \ 215 if ((w)[0] < (n)) { \ 216 (w)[1]++; \ 217 } \ 218 } 219 220 /* 221 * Macros for copying blocks of memory and for zeroing out ranges 222 * of memory. Using these macros makes it easy to switch from 223 * using memset()/memcpy() and using bzero()/bcopy(). 224 * 225 * Please define either SHA2_USE_MEMSET_MEMCPY or define 226 * SHA2_USE_BZERO_BCOPY depending on which function set you 227 * choose to use: 228 */ 229 230 #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY) 231 /* Default to memset()/memcpy() if no option is specified */ 232 #define SHA2_USE_MEMSET_MEMCPY 1 233 #endif 234 #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY) 235 /* Abort with an error if BOTH options are defined */ 236 #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both! 237 #endif 238 239 #ifdef SHA2_USE_MEMSET_MEMCPY 240 #define MEMSET_BZERO(p,l) memset((p), 0, (l)) 241 #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) 242 #endif 243 #ifdef SHA2_USE_BZERO_BCOPY 244 #define MEMSET_BZERO(p,l) bzero((p), (l)) 245 #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) 246 #endif 247 248 249 /*** THE SIX LOGICAL FUNCTIONS ****************************************/ 250 /* 251 * Bit shifting and rotation (used by the six SHA-XYZ logical functions: 252 * 253 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and 254 * S is a ROTATION) because the SHA-256/384/512 description document 255 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this 256 * same "backwards" definition. 257 */ 258 259 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ 260 #define R(b,x) ((x) >> (b)) 261 /* 32-bit Rotate-right (used in SHA-256): */ 262 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) 263 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ 264 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) 265 266 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ 267 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 268 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 269 270 /* Four of six logical functions used in SHA-256: */ 271 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) 272 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) 273 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) 274 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) 275 276 /* Four of six logical functions used in SHA-384 and SHA-512: */ 277 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) 278 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) 279 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) 280 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) 281 282 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ 283 /* Hash constant words K for SHA-256: */ 284 static const sha2_word32 K256[64] = { 285 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 286 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 287 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 288 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 289 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 290 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 291 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 292 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 293 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 294 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 295 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 296 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 297 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 298 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 299 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 300 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 301 }; 302 303 /* Initial hash value H for SHA-256: */ 304 static const sha2_word32 sha256_initial_hash_value[8] = { 305 0x6a09e667UL, 306 0xbb67ae85UL, 307 0x3c6ef372UL, 308 0xa54ff53aUL, 309 0x510e527fUL, 310 0x9b05688cUL, 311 0x1f83d9abUL, 312 0x5be0cd19UL 313 }; 314 315 /* Hash constant words K for SHA-384 and SHA-512: */ 316 static const sha2_word64 K512[80] = { 317 #if _ast_LL 318 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 319 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 320 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 321 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 322 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 323 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 324 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 325 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 326 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 327 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 328 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 329 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 330 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 331 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 332 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 333 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 334 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 335 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 336 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 337 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 338 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 339 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 340 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 341 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 342 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 343 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 344 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 345 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 346 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 347 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 348 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 349 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 350 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 351 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 352 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 353 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 354 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 355 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 356 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 357 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL 358 #else 359 ((sha2_word64)0x428a2f98d728ae22), ((sha2_word64)0x7137449123ef65cd), 360 ((sha2_word64)0xb5c0fbcfec4d3b2f), ((sha2_word64)0xe9b5dba58189dbbc), 361 ((sha2_word64)0x3956c25bf348b538), ((sha2_word64)0x59f111f1b605d019), 362 ((sha2_word64)0x923f82a4af194f9b), ((sha2_word64)0xab1c5ed5da6d8118), 363 ((sha2_word64)0xd807aa98a3030242), ((sha2_word64)0x12835b0145706fbe), 364 ((sha2_word64)0x243185be4ee4b28c), ((sha2_word64)0x550c7dc3d5ffb4e2), 365 ((sha2_word64)0x72be5d74f27b896f), ((sha2_word64)0x80deb1fe3b1696b1), 366 ((sha2_word64)0x9bdc06a725c71235), ((sha2_word64)0xc19bf174cf692694), 367 ((sha2_word64)0xe49b69c19ef14ad2), ((sha2_word64)0xefbe4786384f25e3), 368 ((sha2_word64)0x0fc19dc68b8cd5b5), ((sha2_word64)0x240ca1cc77ac9c65), 369 ((sha2_word64)0x2de92c6f592b0275), ((sha2_word64)0x4a7484aa6ea6e483), 370 ((sha2_word64)0x5cb0a9dcbd41fbd4), ((sha2_word64)0x76f988da831153b5), 371 ((sha2_word64)0x983e5152ee66dfab), ((sha2_word64)0xa831c66d2db43210), 372 ((sha2_word64)0xb00327c898fb213f), ((sha2_word64)0xbf597fc7beef0ee4), 373 ((sha2_word64)0xc6e00bf33da88fc2), ((sha2_word64)0xd5a79147930aa725), 374 ((sha2_word64)0x06ca6351e003826f), ((sha2_word64)0x142929670a0e6e70), 375 ((sha2_word64)0x27b70a8546d22ffc), ((sha2_word64)0x2e1b21385c26c926), 376 ((sha2_word64)0x4d2c6dfc5ac42aed), ((sha2_word64)0x53380d139d95b3df), 377 ((sha2_word64)0x650a73548baf63de), ((sha2_word64)0x766a0abb3c77b2a8), 378 ((sha2_word64)0x81c2c92e47edaee6), ((sha2_word64)0x92722c851482353b), 379 ((sha2_word64)0xa2bfe8a14cf10364), ((sha2_word64)0xa81a664bbc423001), 380 ((sha2_word64)0xc24b8b70d0f89791), ((sha2_word64)0xc76c51a30654be30), 381 ((sha2_word64)0xd192e819d6ef5218), ((sha2_word64)0xd69906245565a910), 382 ((sha2_word64)0xf40e35855771202a), ((sha2_word64)0x106aa07032bbd1b8), 383 ((sha2_word64)0x19a4c116b8d2d0c8), ((sha2_word64)0x1e376c085141ab53), 384 ((sha2_word64)0x2748774cdf8eeb99), ((sha2_word64)0x34b0bcb5e19b48a8), 385 ((sha2_word64)0x391c0cb3c5c95a63), ((sha2_word64)0x4ed8aa4ae3418acb), 386 ((sha2_word64)0x5b9cca4f7763e373), ((sha2_word64)0x682e6ff3d6b2b8a3), 387 ((sha2_word64)0x748f82ee5defb2fc), ((sha2_word64)0x78a5636f43172f60), 388 ((sha2_word64)0x84c87814a1f0ab72), ((sha2_word64)0x8cc702081a6439ec), 389 ((sha2_word64)0x90befffa23631e28), ((sha2_word64)0xa4506cebde82bde9), 390 ((sha2_word64)0xbef9a3f7b2c67915), ((sha2_word64)0xc67178f2e372532b), 391 ((sha2_word64)0xca273eceea26619c), ((sha2_word64)0xd186b8c721c0c207), 392 ((sha2_word64)0xeada7dd6cde0eb1e), ((sha2_word64)0xf57d4f7fee6ed178), 393 ((sha2_word64)0x06f067aa72176fba), ((sha2_word64)0x0a637dc5a2c898a6), 394 ((sha2_word64)0x113f9804bef90dae), ((sha2_word64)0x1b710b35131c471b), 395 ((sha2_word64)0x28db77f523047d84), ((sha2_word64)0x32caab7b40c72493), 396 ((sha2_word64)0x3c9ebe0a15c9bebc), ((sha2_word64)0x431d67c49c100d4c), 397 ((sha2_word64)0x4cc5d4becb3e42b6), ((sha2_word64)0x597f299cfc657e2a), 398 ((sha2_word64)0x5fcb6fab3ad6faec), ((sha2_word64)0x6c44198c4a475817) 399 #endif 400 }; 401 402 /* Initial hash value H for SHA-384 */ 403 static const sha2_word64 sha384_initial_hash_value[8] = { 404 #if _ast_LL 405 0xcbbb9d5dc1059ed8ULL, 406 0x629a292a367cd507ULL, 407 0x9159015a3070dd17ULL, 408 0x152fecd8f70e5939ULL, 409 0x67332667ffc00b31ULL, 410 0x8eb44a8768581511ULL, 411 0xdb0c2e0d64f98fa7ULL, 412 0x47b5481dbefa4fa4ULL 413 #else 414 ((sha2_word64)0xcbbb9d5dc1059ed8), 415 ((sha2_word64)0x629a292a367cd507), 416 ((sha2_word64)0x9159015a3070dd17), 417 ((sha2_word64)0x152fecd8f70e5939), 418 ((sha2_word64)0x67332667ffc00b31), 419 ((sha2_word64)0x8eb44a8768581511), 420 ((sha2_word64)0xdb0c2e0d64f98fa7), 421 ((sha2_word64)0x47b5481dbefa4fa4) 422 #endif 423 }; 424 425 /* Initial hash value H for SHA-512 */ 426 static const sha2_word64 sha512_initial_hash_value[8] = { 427 #if _ast_LL 428 0x6a09e667f3bcc908ULL, 429 0xbb67ae8584caa73bULL, 430 0x3c6ef372fe94f82bULL, 431 0xa54ff53a5f1d36f1ULL, 432 0x510e527fade682d1ULL, 433 0x9b05688c2b3e6c1fULL, 434 0x1f83d9abfb41bd6bULL, 435 0x5be0cd19137e2179ULL 436 #else 437 ((sha2_word64)0x6a09e667f3bcc908), 438 ((sha2_word64)0xbb67ae8584caa73b), 439 ((sha2_word64)0x3c6ef372fe94f82b), 440 ((sha2_word64)0xa54ff53a5f1d36f1), 441 ((sha2_word64)0x510e527fade682d1), 442 ((sha2_word64)0x9b05688c2b3e6c1f), 443 ((sha2_word64)0x1f83d9abfb41bd6b), 444 ((sha2_word64)0x5be0cd19137e2179) 445 #endif 446 }; 447 448 /*** SHA-256: *********************************************************/ 449 450 #define sha256_description "FIPS SHA-256 secure hash algorithm." 451 #define sha256_options "\ 452 [+(version)?sha-256 (FIPS) 2000-01-01]\ 453 [+(author)?Aaron D. Gifford]\ 454 " 455 #define sha256_match "sha256|sha-256|SHA256|SHA-256" 456 #define sha256_scale 0 457 458 #define sha256_padding md5_pad 459 460 #define SHA256_CTX Sha256_t 461 462 typedef struct Sha256_s 463 { 464 _SUM_PUBLIC_ 465 _SUM_PRIVATE_ 466 sha2_byte digest[SHA256_DIGEST_LENGTH]; 467 sha2_byte digest_sum[SHA256_DIGEST_LENGTH]; 468 sha2_word32 state[8]; 469 sha2_word64 bitcount; 470 sha2_byte buffer[SHA256_BLOCK_LENGTH]; 471 } Sha256_t; 472 473 #ifdef SHA2_UNROLL_TRANSFORM 474 475 /* Unrolled SHA-256 round macros: */ 476 477 #if BYTE_ORDER == LITTLE_ENDIAN 478 479 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 480 REVERSE32(*data++, W256[j]); \ 481 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 482 K256[j] + W256[j]; \ 483 (d) += T1; \ 484 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 485 j++ 486 487 488 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 489 490 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 491 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 492 K256[j] + (W256[j] = *data++); \ 493 (d) += T1; \ 494 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 495 j++ 496 497 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 498 499 #define ROUND256(a,b,c,d,e,f,g,h) \ 500 s0 = W256[(j+1)&0x0f]; \ 501 s0 = sigma0_256(s0); \ 502 s1 = W256[(j+14)&0x0f]; \ 503 s1 = sigma1_256(s1); \ 504 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ 505 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ 506 (d) += T1; \ 507 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 508 j++ 509 510 static void SHA256_Transform(SHA256_CTX* sha, const sha2_word32* data) { 511 sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 512 sha2_word32 T1, *W256; 513 int j; 514 515 W256 = (sha2_word32*)sha->buffer; 516 517 /* Initialize registers with the prev. intermediate value */ 518 a = sha->state[0]; 519 b = sha->state[1]; 520 c = sha->state[2]; 521 d = sha->state[3]; 522 e = sha->state[4]; 523 f = sha->state[5]; 524 g = sha->state[6]; 525 h = sha->state[7]; 526 527 j = 0; 528 do { 529 /* Rounds 0 to 15 (unrolled): */ 530 ROUND256_0_TO_15(a,b,c,d,e,f,g,h); 531 ROUND256_0_TO_15(h,a,b,c,d,e,f,g); 532 ROUND256_0_TO_15(g,h,a,b,c,d,e,f); 533 ROUND256_0_TO_15(f,g,h,a,b,c,d,e); 534 ROUND256_0_TO_15(e,f,g,h,a,b,c,d); 535 ROUND256_0_TO_15(d,e,f,g,h,a,b,c); 536 ROUND256_0_TO_15(c,d,e,f,g,h,a,b); 537 ROUND256_0_TO_15(b,c,d,e,f,g,h,a); 538 } while (j < 16); 539 540 /* Now for the remaining rounds to 64: */ 541 do { 542 ROUND256(a,b,c,d,e,f,g,h); 543 ROUND256(h,a,b,c,d,e,f,g); 544 ROUND256(g,h,a,b,c,d,e,f); 545 ROUND256(f,g,h,a,b,c,d,e); 546 ROUND256(e,f,g,h,a,b,c,d); 547 ROUND256(d,e,f,g,h,a,b,c); 548 ROUND256(c,d,e,f,g,h,a,b); 549 ROUND256(b,c,d,e,f,g,h,a); 550 } while (j < 64); 551 552 /* Compute the current intermediate hash value */ 553 sha->state[0] += a; 554 sha->state[1] += b; 555 sha->state[2] += c; 556 sha->state[3] += d; 557 sha->state[4] += e; 558 sha->state[5] += f; 559 sha->state[6] += g; 560 sha->state[7] += h; 561 562 /* Clean up */ 563 a = b = c = d = e = f = g = h = T1 = 0; 564 } 565 566 #else /* SHA2_UNROLL_TRANSFORM */ 567 568 static void SHA256_Transform(SHA256_CTX* sha, const sha2_word32* data) { 569 sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 570 sha2_word32 T1, T2, *W256; 571 int j; 572 573 W256 = (sha2_word32*)sha->buffer; 574 575 /* Initialize registers with the prev. intermediate value */ 576 a = sha->state[0]; 577 b = sha->state[1]; 578 c = sha->state[2]; 579 d = sha->state[3]; 580 e = sha->state[4]; 581 f = sha->state[5]; 582 g = sha->state[6]; 583 h = sha->state[7]; 584 585 j = 0; 586 do { 587 #if BYTE_ORDER == LITTLE_ENDIAN 588 /* Copy data while converting to host byte order */ 589 REVERSE32(*data++,W256[j]); 590 /* Apply the SHA-256 compression function to update a..h */ 591 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; 592 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 593 /* Apply the SHA-256 compression function to update a..h with copy */ 594 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); 595 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 596 T2 = Sigma0_256(a) + Maj(a, b, c); 597 h = g; 598 g = f; 599 f = e; 600 e = d + T1; 601 d = c; 602 c = b; 603 b = a; 604 a = T1 + T2; 605 606 j++; 607 } while (j < 16); 608 609 do { 610 /* Part of the message block expansion: */ 611 s0 = W256[(j+1)&0x0f]; 612 s0 = sigma0_256(s0); 613 s1 = W256[(j+14)&0x0f]; 614 s1 = sigma1_256(s1); 615 616 /* Apply the SHA-256 compression function to update a..h */ 617 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 618 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); 619 T2 = Sigma0_256(a) + Maj(a, b, c); 620 h = g; 621 g = f; 622 f = e; 623 e = d + T1; 624 d = c; 625 c = b; 626 b = a; 627 a = T1 + T2; 628 629 j++; 630 } while (j < 64); 631 632 /* Compute the current intermediate hash value */ 633 sha->state[0] += a; 634 sha->state[1] += b; 635 sha->state[2] += c; 636 sha->state[3] += d; 637 sha->state[4] += e; 638 sha->state[5] += f; 639 sha->state[6] += g; 640 sha->state[7] += h; 641 642 /* Clean up */ 643 a = b = c = d = e = f = g = h = T1 = T2 = 0; 644 } 645 646 #endif /* SHA2_UNROLL_TRANSFORM */ 647 648 static int 649 sha256_block(register Sum_t* p, const void* s, size_t len) 650 { 651 Sha256_t* sha = (Sha256_t*)p; 652 sha2_byte* data = (sha2_byte*)s; 653 unsigned int freespace, usedspace; 654 655 if (!len) 656 return 0; 657 usedspace = (sha->bitcount >> 3) % SHA256_BLOCK_LENGTH; 658 if (usedspace > 0) { 659 /* Calculate how much free space is available in the buffer */ 660 freespace = SHA256_BLOCK_LENGTH - usedspace; 661 662 if (len >= freespace) { 663 /* Fill the buffer completely and process it */ 664 MEMCPY_BCOPY(&sha->buffer[usedspace], data, freespace); 665 sha->bitcount += freespace << 3; 666 len -= freespace; 667 data += freespace; 668 SHA256_Transform(sha, (sha2_word32*)sha->buffer); 669 } else { 670 /* The buffer is not yet full */ 671 MEMCPY_BCOPY(&sha->buffer[usedspace], data, len); 672 sha->bitcount += len << 3; 673 /* Clean up: */ 674 usedspace = freespace = 0; 675 return 0; 676 } 677 } 678 while (len >= SHA256_BLOCK_LENGTH) { 679 /* Process as many complete blocks as we can */ 680 SHA256_Transform(sha, (sha2_word32*)data); 681 sha->bitcount += SHA256_BLOCK_LENGTH << 3; 682 len -= SHA256_BLOCK_LENGTH; 683 data += SHA256_BLOCK_LENGTH; 684 } 685 if (len > 0) { 686 /* There's left-overs, so save 'em */ 687 MEMCPY_BCOPY(sha->buffer, data, len); 688 sha->bitcount += len << 3; 689 } 690 /* Clean up: */ 691 usedspace = freespace = 0; 692 693 return 0; 694 } 695 696 static int 697 sha256_init(Sum_t* p) 698 { 699 register Sha256_t* sha = (Sha256_t*)p; 700 701 MEMCPY_BCOPY(sha->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH); 702 MEMSET_BZERO(sha->buffer, SHA256_BLOCK_LENGTH); 703 sha->bitcount = 0; 704 705 return 0; 706 } 707 708 static Sum_t* 709 sha256_open(const Method_t* method, const char* name) 710 { 711 Sha256_t* sha; 712 713 if (sha = newof(0, Sha256_t, 1, 0)) 714 { 715 sha->method = (Method_t*)method; 716 sha->name = name; 717 sha256_init((Sum_t*)sha); 718 } 719 return (Sum_t*)sha; 720 } 721 722 static int 723 sha256_done(Sum_t* p) 724 { 725 Sha256_t* sha = (Sha256_t*)p; 726 unsigned int usedspace; 727 register int i; 728 729 /* Sanity check: */ 730 assert(sha != (SHA256_CTX*)0); 731 732 usedspace = (sha->bitcount >> 3) % SHA256_BLOCK_LENGTH; 733 #if BYTE_ORDER == LITTLE_ENDIAN 734 /* Convert FROM host byte order */ 735 REVERSE64(sha->bitcount,sha->bitcount); 736 #endif 737 if (usedspace > 0) { 738 /* Begin padding with a 1 bit: */ 739 sha->buffer[usedspace++] = 0x80; 740 741 if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { 742 /* Set-up for the last transform: */ 743 MEMSET_BZERO(&sha->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace); 744 } else { 745 if (usedspace < SHA256_BLOCK_LENGTH) { 746 MEMSET_BZERO(&sha->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace); 747 } 748 /* Do second-to-last transform: */ 749 SHA256_Transform(sha, (sha2_word32*)sha->buffer); 750 751 /* And set-up for the last transform: */ 752 MEMSET_BZERO(sha->buffer, SHA256_SHORT_BLOCK_LENGTH); 753 } 754 } else { 755 /* Set-up for the last transform: */ 756 MEMSET_BZERO(sha->buffer, SHA256_SHORT_BLOCK_LENGTH); 757 758 /* Begin padding with a 1 bit: */ 759 *sha->buffer = 0x80; 760 } 761 /* Set the bit count: */ 762 *(sha2_word64*)&sha->buffer[SHA256_SHORT_BLOCK_LENGTH] = sha->bitcount; 763 764 /* Final transform: */ 765 SHA256_Transform(sha, (sha2_word32*)sha->buffer); 766 767 #if BYTE_ORDER == LITTLE_ENDIAN 768 { 769 /* Convert TO host byte order */ 770 int j; 771 sha2_word32* d = (sha2_word32*)sha->digest; 772 for (j = 0; j < 8; j++) { 773 REVERSE32(sha->state[j],sha->state[j]); 774 *d++ = sha->state[j]; 775 } 776 } 777 #else 778 MEMCPY_BCOPY(sha->digest, sha->state, SHA256_DIGEST_LENGTH); 779 #endif 780 781 /* accumulate the digests */ 782 for (i = 0; i < SHA256_DIGEST_LENGTH; i++) 783 sha->digest_sum[i] ^= sha->digest[i]; 784 785 /* Clean up state data: */ 786 MEMSET_BZERO(&sha->state, sizeof(*sha) - offsetof(Sha256_t, state)); 787 usedspace = 0; 788 789 return 0; 790 } 791 792 static int 793 sha256_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 794 { 795 register Sha256_t* sha = (Sha256_t*)p; 796 register sha2_byte* d; 797 register sha2_byte* e; 798 799 d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 800 e = d + SHA256_DIGEST_LENGTH; 801 while (d < e) 802 sfprintf(sp, "%02x", *d++); 803 return 0; 804 } 805 806 static int 807 sha256_data(Sum_t* p, Sumdata_t* data) 808 { 809 register Sha256_t* sha = (Sha256_t*)p; 810 811 data->size = SHA256_DIGEST_LENGTH; 812 data->num = 0; 813 data->buf = sha->digest; 814 return 0; 815 } 816 817 /*** SHA-512: *********************************************************/ 818 819 #define sha512_description "FIPS SHA-512 secure hash algorithm." 820 #define sha512_options "\ 821 [+(version)?sha-512 (FIPS) 2000-01-01]\ 822 [+(author)?Aaron D. Gifford]\ 823 " 824 #define sha512_match "sha512|sha-512|SHA512|SHA-512" 825 #define sha512_scale 0 826 827 #define sha512_padding md5_pad 828 829 #define SHA512_CTX Sha512_t 830 831 typedef struct Sha512_s 832 { 833 _SUM_PUBLIC_ 834 _SUM_PRIVATE_ 835 sha2_byte digest[SHA512_DIGEST_LENGTH]; 836 sha2_byte digest_sum[SHA512_DIGEST_LENGTH]; 837 sha2_word64 state[8]; 838 sha2_word64 bitcount[2]; 839 sha2_byte buffer[SHA512_BLOCK_LENGTH]; 840 } Sha512_t; 841 842 #ifdef SHA2_UNROLL_TRANSFORM 843 844 /* Unrolled SHA-512 round macros: */ 845 #if BYTE_ORDER == LITTLE_ENDIAN 846 847 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 848 REVERSE64(*data++, W512[j]); \ 849 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 850 K512[j] + W512[j]; \ 851 (d) += T1, \ 852 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ 853 j++ 854 855 856 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 857 858 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 859 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 860 K512[j] + (W512[j] = *data++); \ 861 (d) += T1; \ 862 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 863 j++ 864 865 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 866 867 #define ROUND512(a,b,c,d,e,f,g,h) \ 868 s0 = W512[(j+1)&0x0f]; \ 869 s0 = sigma0_512(s0); \ 870 s1 = W512[(j+14)&0x0f]; \ 871 s1 = sigma1_512(s1); \ 872 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ 873 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ 874 (d) += T1; \ 875 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 876 j++ 877 878 static void SHA512_Transform(SHA512_CTX* sha, const sha2_word64* data) { 879 sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 880 sha2_word64 T1, *W512 = (sha2_word64*)sha->buffer; 881 int j; 882 883 /* Initialize registers with the prev. intermediate value */ 884 a = sha->state[0]; 885 b = sha->state[1]; 886 c = sha->state[2]; 887 d = sha->state[3]; 888 e = sha->state[4]; 889 f = sha->state[5]; 890 g = sha->state[6]; 891 h = sha->state[7]; 892 893 j = 0; 894 do { 895 ROUND512_0_TO_15(a,b,c,d,e,f,g,h); 896 ROUND512_0_TO_15(h,a,b,c,d,e,f,g); 897 ROUND512_0_TO_15(g,h,a,b,c,d,e,f); 898 ROUND512_0_TO_15(f,g,h,a,b,c,d,e); 899 ROUND512_0_TO_15(e,f,g,h,a,b,c,d); 900 ROUND512_0_TO_15(d,e,f,g,h,a,b,c); 901 ROUND512_0_TO_15(c,d,e,f,g,h,a,b); 902 ROUND512_0_TO_15(b,c,d,e,f,g,h,a); 903 } while (j < 16); 904 905 /* Now for the remaining rounds up to 79: */ 906 do { 907 ROUND512(a,b,c,d,e,f,g,h); 908 ROUND512(h,a,b,c,d,e,f,g); 909 ROUND512(g,h,a,b,c,d,e,f); 910 ROUND512(f,g,h,a,b,c,d,e); 911 ROUND512(e,f,g,h,a,b,c,d); 912 ROUND512(d,e,f,g,h,a,b,c); 913 ROUND512(c,d,e,f,g,h,a,b); 914 ROUND512(b,c,d,e,f,g,h,a); 915 } while (j < 80); 916 917 /* Compute the current intermediate hash value */ 918 sha->state[0] += a; 919 sha->state[1] += b; 920 sha->state[2] += c; 921 sha->state[3] += d; 922 sha->state[4] += e; 923 sha->state[5] += f; 924 sha->state[6] += g; 925 sha->state[7] += h; 926 927 /* Clean up */ 928 a = b = c = d = e = f = g = h = T1 = 0; 929 } 930 931 #else /* SHA2_UNROLL_TRANSFORM */ 932 933 static void SHA512_Transform(SHA512_CTX* sha, const sha2_word64* data) { 934 sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 935 sha2_word64 T1, T2, *W512 = (sha2_word64*)sha->buffer; 936 int j; 937 938 /* Initialize registers with the prev. intermediate value */ 939 a = sha->state[0]; 940 b = sha->state[1]; 941 c = sha->state[2]; 942 d = sha->state[3]; 943 e = sha->state[4]; 944 f = sha->state[5]; 945 g = sha->state[6]; 946 h = sha->state[7]; 947 948 j = 0; 949 do { 950 #if BYTE_ORDER == LITTLE_ENDIAN 951 /* Convert TO host byte order */ 952 REVERSE64(*data++, W512[j]); 953 /* Apply the SHA-512 compression function to update a..h */ 954 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; 955 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 956 /* Apply the SHA-512 compression function to update a..h with copy */ 957 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); 958 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 959 T2 = Sigma0_512(a) + Maj(a, b, c); 960 h = g; 961 g = f; 962 f = e; 963 e = d + T1; 964 d = c; 965 c = b; 966 b = a; 967 a = T1 + T2; 968 969 j++; 970 } while (j < 16); 971 972 do { 973 /* Part of the message block expansion: */ 974 s0 = W512[(j+1)&0x0f]; 975 s0 = sigma0_512(s0); 976 s1 = W512[(j+14)&0x0f]; 977 s1 = sigma1_512(s1); 978 979 /* Apply the SHA-512 compression function to update a..h */ 980 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + 981 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); 982 T2 = Sigma0_512(a) + Maj(a, b, c); 983 h = g; 984 g = f; 985 f = e; 986 e = d + T1; 987 d = c; 988 c = b; 989 b = a; 990 a = T1 + T2; 991 992 j++; 993 } while (j < 80); 994 995 /* Compute the current intermediate hash value */ 996 sha->state[0] += a; 997 sha->state[1] += b; 998 sha->state[2] += c; 999 sha->state[3] += d; 1000 sha->state[4] += e; 1001 sha->state[5] += f; 1002 sha->state[6] += g; 1003 sha->state[7] += h; 1004 1005 /* Clean up */ 1006 a = b = c = d = e = f = g = h = T1 = T2 = 0; 1007 } 1008 1009 #endif /* SHA2_UNROLL_TRANSFORM */ 1010 1011 static int 1012 sha512_block(register Sum_t* p, const void* s, size_t len) 1013 { 1014 Sha512_t* sha = (Sha512_t*)p; 1015 sha2_byte* data = (sha2_byte*)s; 1016 unsigned int freespace, usedspace; 1017 1018 if (!len) 1019 return 0; 1020 usedspace = (sha->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; 1021 if (usedspace > 0) { 1022 /* Calculate how much free space is available in the buffer */ 1023 freespace = SHA512_BLOCK_LENGTH - usedspace; 1024 1025 if (len >= freespace) { 1026 /* Fill the buffer completely and process it */ 1027 MEMCPY_BCOPY(&sha->buffer[usedspace], data, freespace); 1028 ADDINC128(sha->bitcount, freespace << 3); 1029 len -= freespace; 1030 data += freespace; 1031 SHA512_Transform(sha, (sha2_word64*)sha->buffer); 1032 } else { 1033 /* The buffer is not yet full */ 1034 MEMCPY_BCOPY(&sha->buffer[usedspace], data, len); 1035 ADDINC128(sha->bitcount, len << 3); 1036 /* Clean up: */ 1037 usedspace = freespace = 0; 1038 return 0; 1039 } 1040 } 1041 while (len >= SHA512_BLOCK_LENGTH) { 1042 /* Process as many complete blocks as we can */ 1043 SHA512_Transform(sha, (sha2_word64*)data); 1044 ADDINC128(sha->bitcount, SHA512_BLOCK_LENGTH << 3); 1045 len -= SHA512_BLOCK_LENGTH; 1046 data += SHA512_BLOCK_LENGTH; 1047 } 1048 if (len > 0) { 1049 /* There's left-overs, so save 'em */ 1050 MEMCPY_BCOPY(sha->buffer, data, len); 1051 ADDINC128(sha->bitcount, len << 3); 1052 } 1053 /* Clean up: */ 1054 usedspace = freespace = 0; 1055 1056 return 0; 1057 } 1058 1059 static int 1060 sha512_init(Sum_t* p) 1061 { 1062 register Sha512_t* sha = (Sha512_t*)p; 1063 1064 MEMCPY_BCOPY(sha->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH); 1065 MEMSET_BZERO(sha->buffer, SHA512_BLOCK_LENGTH); 1066 sha->bitcount[0] = sha->bitcount[1] = 0; 1067 1068 return 0; 1069 } 1070 1071 static Sum_t* 1072 sha512_open(const Method_t* method, const char* name) 1073 { 1074 Sha512_t* sha; 1075 1076 if (sha = newof(0, Sha512_t, 1, 0)) 1077 { 1078 sha->method = (Method_t*)method; 1079 sha->name = name; 1080 sha512_init((Sum_t*)sha); 1081 } 1082 return (Sum_t*)sha; 1083 } 1084 1085 static int 1086 sha512_done(Sum_t* p) 1087 { 1088 Sha512_t* sha = (Sha512_t*)p; 1089 unsigned int usedspace; 1090 register int i; 1091 1092 usedspace = (sha->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; 1093 #if BYTE_ORDER == LITTLE_ENDIAN 1094 /* Convert FROM host byte order */ 1095 REVERSE64(sha->bitcount[0],sha->bitcount[0]); 1096 REVERSE64(sha->bitcount[1],sha->bitcount[1]); 1097 #endif 1098 if (usedspace > 0) { 1099 /* Begin padding with a 1 bit: */ 1100 sha->buffer[usedspace++] = 0x80; 1101 1102 if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { 1103 /* Set-up for the last transform: */ 1104 MEMSET_BZERO(&sha->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace); 1105 } else { 1106 if (usedspace < SHA512_BLOCK_LENGTH) { 1107 MEMSET_BZERO(&sha->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace); 1108 } 1109 /* Do second-to-last transform: */ 1110 SHA512_Transform(sha, (sha2_word64*)sha->buffer); 1111 1112 /* And set-up for the last transform: */ 1113 MEMSET_BZERO(sha->buffer, SHA512_BLOCK_LENGTH - 2); 1114 } 1115 } else { 1116 /* Prepare for final transform: */ 1117 MEMSET_BZERO(sha->buffer, SHA512_SHORT_BLOCK_LENGTH); 1118 1119 /* Begin padding with a 1 bit: */ 1120 *sha->buffer = 0x80; 1121 } 1122 /* Store the length of input data (in bits): */ 1123 *(sha2_word64*)&sha->buffer[SHA512_SHORT_BLOCK_LENGTH] = sha->bitcount[1]; 1124 *(sha2_word64*)&sha->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = sha->bitcount[0]; 1125 1126 /* Final transform: */ 1127 SHA512_Transform(sha, (sha2_word64*)sha->buffer); 1128 1129 #if BYTE_ORDER == LITTLE_ENDIAN 1130 { 1131 /* Convert TO host byte order */ 1132 sha2_word64* d = (sha2_word64*)sha->digest; 1133 int j; 1134 for (j = 0; j < 8; j++) { 1135 REVERSE64(sha->state[j],sha->state[j]); 1136 *d++ = sha->state[j]; 1137 } 1138 } 1139 #else 1140 MEMCPY_BCOPY(sha->digest, sha->state, SHA512_DIGEST_LENGTH); 1141 #endif 1142 1143 /* accumulate the digests */ 1144 for (i = 0; i < SHA512_DIGEST_LENGTH; i++) 1145 sha->digest_sum[i] ^= sha->digest[i]; 1146 1147 /* Clean up state data: */ 1148 MEMSET_BZERO(&sha->state, sizeof(*sha) - offsetof(Sha512_t, state)); 1149 usedspace = 0; 1150 1151 return 0; 1152 } 1153 1154 static int 1155 sha512_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 1156 { 1157 register Sha512_t* sha = (Sha512_t*)p; 1158 register sha2_byte* d; 1159 register sha2_byte* e; 1160 1161 d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 1162 e = d + SHA512_DIGEST_LENGTH; 1163 while (d < e) 1164 sfprintf(sp, "%02x", *d++); 1165 return 0; 1166 } 1167 1168 static int 1169 sha512_data(Sum_t* p, Sumdata_t* data) 1170 { 1171 register Sha512_t* sha = (Sha512_t*)p; 1172 1173 data->size = SHA512_DIGEST_LENGTH; 1174 data->num = 0; 1175 data->buf = sha->digest; 1176 return 0; 1177 } 1178 1179 /*** SHA-384: *********************************************************/ 1180 1181 #define sha384_description "FIPS SHA-384 secure hash algorithm." 1182 #define sha384_options "\ 1183 [+(version)?sha-384 (FIPS) 2000-01-01]\ 1184 [+(author)?Aaron D. Gifford]\ 1185 " 1186 #define sha384_match "sha384|sha-384|SHA384|SHA-384" 1187 #define sha384_scale 0 1188 #define sha384_block sha512_block 1189 #define sha384_done sha512_done 1190 1191 #define sha384_padding md5_pad 1192 1193 #define Sha384_t Sha512_t 1194 #define SHA384_CTX Sha384_t 1195 #define SHA384_DIGEST_LENGTH 48 1196 1197 static int 1198 sha384_init(Sum_t* p) 1199 { 1200 register Sha384_t* sha = (Sha384_t*)p; 1201 1202 MEMCPY_BCOPY(sha->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH); 1203 MEMSET_BZERO(sha->buffer, SHA384_BLOCK_LENGTH); 1204 sha->bitcount[0] = sha->bitcount[1] = 0; 1205 1206 return 0; 1207 } 1208 1209 static Sum_t* 1210 sha384_open(const Method_t* method, const char* name) 1211 { 1212 Sha384_t* sha; 1213 1214 if (sha = newof(0, Sha384_t, 1, 0)) 1215 { 1216 sha->method = (Method_t*)method; 1217 sha->name = name; 1218 sha384_init((Sum_t*)sha); 1219 } 1220 return (Sum_t*)sha; 1221 } 1222 1223 static int 1224 sha384_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 1225 { 1226 register Sha384_t* sha = (Sha384_t*)p; 1227 register sha2_byte* d; 1228 register sha2_byte* e; 1229 1230 d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 1231 e = d + SHA384_DIGEST_LENGTH; 1232 while (d < e) 1233 sfprintf(sp, "%02x", *d++); 1234 return 0; 1235 } 1236 1237 static int 1238 sha384_data(Sum_t* p, Sumdata_t* data) 1239 { 1240 register Sha384_t* sha = (Sha384_t*)p; 1241 1242 data->size = SHA384_DIGEST_LENGTH; 1243 data->num = 0; 1244 data->buf = sha->digest; 1245 return 0; 1246 } 1247 1248 #endif /* _typ_int64_t */ 1249