1*7c2fbfb3SApril Chin /*********************************************************************** 2*7c2fbfb3SApril Chin * * 3*7c2fbfb3SApril Chin * This software is part of the ast package * 4*7c2fbfb3SApril Chin * Copyright (c) 1996-2008 AT&T Intellectual Property * 5*7c2fbfb3SApril Chin * and is licensed under the * 6*7c2fbfb3SApril Chin * Common Public License, Version 1.0 * 7*7c2fbfb3SApril Chin * by AT&T Intellectual Property * 8*7c2fbfb3SApril Chin * * 9*7c2fbfb3SApril Chin * A copy of the License is available at * 10*7c2fbfb3SApril Chin * http://www.opensource.org/licenses/cpl1.0.txt * 11*7c2fbfb3SApril Chin * (with md5 checksum 059e8cd6165cb4c31e351f2b69388fd9) * 12*7c2fbfb3SApril Chin * * 13*7c2fbfb3SApril Chin * Information and Software Systems Research * 14*7c2fbfb3SApril Chin * AT&T Research * 15*7c2fbfb3SApril Chin * Florham Park NJ * 16*7c2fbfb3SApril Chin * * 17*7c2fbfb3SApril Chin * Glenn Fowler <gsf@research.att.com> * 18*7c2fbfb3SApril Chin * * 19*7c2fbfb3SApril Chin ***********************************************************************/ 20*7c2fbfb3SApril Chin #pragma prototyped 21*7c2fbfb3SApril Chin 22*7c2fbfb3SApril Chin #if _typ_int64_t 23*7c2fbfb3SApril Chin 24*7c2fbfb3SApril Chin /* 25*7c2fbfb3SApril Chin * Aaron D. Gifford's SHA {256,384,512} code transcribed into a -lsum method 26*7c2fbfb3SApril Chin */ 27*7c2fbfb3SApril Chin 28*7c2fbfb3SApril Chin /* 29*7c2fbfb3SApril Chin * Copyright (c) 2000-2001, Aaron D. Gifford 30*7c2fbfb3SApril Chin * All rights reserved. 31*7c2fbfb3SApril Chin * 32*7c2fbfb3SApril Chin * Redistribution and use in source and binary forms, with or without 33*7c2fbfb3SApril Chin * modification, are permitted provided that the following conditions 34*7c2fbfb3SApril Chin * are met: 35*7c2fbfb3SApril Chin * 1. Redistributions of source code must retain the above copyright 36*7c2fbfb3SApril Chin * notice, this list of conditions and the following disclaimer. 37*7c2fbfb3SApril Chin * 2. Redistributions in binary form must reproduce the above copyright 38*7c2fbfb3SApril Chin * notice, this list of conditions and the following disclaimer in the 39*7c2fbfb3SApril Chin * documentation and/or other materials provided with the distribution. 40*7c2fbfb3SApril Chin * 3. Neither the name of the copyright holder nor the names of contributors 41*7c2fbfb3SApril Chin * may be used to endorse or promote products derived from this software 42*7c2fbfb3SApril Chin * without specific prior written permission. 43*7c2fbfb3SApril Chin * 44*7c2fbfb3SApril Chin * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND 45*7c2fbfb3SApril Chin * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 46*7c2fbfb3SApril Chin * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 47*7c2fbfb3SApril Chin * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE 48*7c2fbfb3SApril Chin * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 49*7c2fbfb3SApril Chin * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 50*7c2fbfb3SApril Chin * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 51*7c2fbfb3SApril Chin * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 52*7c2fbfb3SApril Chin * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 53*7c2fbfb3SApril Chin * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 54*7c2fbfb3SApril Chin * SUCH DAMAGE. 55*7c2fbfb3SApril Chin */ 56*7c2fbfb3SApril Chin 57*7c2fbfb3SApril Chin /* 58*7c2fbfb3SApril Chin * ASSERT NOTE: 59*7c2fbfb3SApril Chin * Some sanity checking code is included using assert(). On my FreeBSD 60*7c2fbfb3SApril Chin * system, this additional code can be removed by compiling with NDEBUG 61*7c2fbfb3SApril Chin * defined. Check your own systems manpage on assert() to see how to 62*7c2fbfb3SApril Chin * compile WITHOUT the sanity checking code on your system. 63*7c2fbfb3SApril Chin * 64*7c2fbfb3SApril Chin * UNROLLED TRANSFORM LOOP NOTE: 65*7c2fbfb3SApril Chin * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform 66*7c2fbfb3SApril Chin * loop version for the hash transform rounds (defined using macros 67*7c2fbfb3SApril Chin * later in this file). Either define on the command line, for example: 68*7c2fbfb3SApril Chin * 69*7c2fbfb3SApril Chin * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c 70*7c2fbfb3SApril Chin * 71*7c2fbfb3SApril Chin * or define below: 72*7c2fbfb3SApril Chin * 73*7c2fbfb3SApril Chin * #define SHA2_UNROLL_TRANSFORM 74*7c2fbfb3SApril Chin * 75*7c2fbfb3SApril Chin */ 76*7c2fbfb3SApril Chin 77*7c2fbfb3SApril Chin /*** SHA-256/384/512 Machine Architecture Definitions *****************/ 78*7c2fbfb3SApril Chin 79*7c2fbfb3SApril Chin #if _PACKAGE_ast 80*7c2fbfb3SApril Chin 81*7c2fbfb3SApril Chin #ifndef __USE_BSD 82*7c2fbfb3SApril Chin #define __undef__USE_BSD 83*7c2fbfb3SApril Chin #define __USE_BSD 84*7c2fbfb3SApril Chin #endif 85*7c2fbfb3SApril Chin #include <endian.h> 86*7c2fbfb3SApril Chin #ifdef __undef__USE_BSD 87*7c2fbfb3SApril Chin #undef __undef__USE_BSD 88*7c2fbfb3SApril Chin #undef __USE_BSD 89*7c2fbfb3SApril Chin #endif 90*7c2fbfb3SApril Chin 91*7c2fbfb3SApril Chin typedef uint8_t sha2_byte; /* Exactly 1 byte */ 92*7c2fbfb3SApril Chin typedef uint32_t sha2_word32; /* Exactly 4 bytes */ 93*7c2fbfb3SApril Chin typedef uint64_t sha2_word64; /* Exactly 8 bytes */ 94*7c2fbfb3SApril Chin 95*7c2fbfb3SApril Chin #define assert(x) 96*7c2fbfb3SApril Chin 97*7c2fbfb3SApril Chin #undef R 98*7c2fbfb3SApril Chin #undef S32 99*7c2fbfb3SApril Chin #undef S64 100*7c2fbfb3SApril Chin 101*7c2fbfb3SApril Chin #else /* _PACKAGE_ast */ 102*7c2fbfb3SApril Chin 103*7c2fbfb3SApril Chin /* 104*7c2fbfb3SApril Chin * BYTE_ORDER NOTE: 105*7c2fbfb3SApril Chin * 106*7c2fbfb3SApril Chin * Please make sure that your system defines BYTE_ORDER. If your 107*7c2fbfb3SApril Chin * architecture is little-endian, make sure it also defines 108*7c2fbfb3SApril Chin * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are 109*7c2fbfb3SApril Chin * equivilent. 110*7c2fbfb3SApril Chin * 111*7c2fbfb3SApril Chin * If your system does not define the above, then you can do so by 112*7c2fbfb3SApril Chin * hand like this: 113*7c2fbfb3SApril Chin * 114*7c2fbfb3SApril Chin * #define LITTLE_ENDIAN 1234 115*7c2fbfb3SApril Chin * #define BIG_ENDIAN 4321 116*7c2fbfb3SApril Chin * 117*7c2fbfb3SApril Chin * And for little-endian machines, add: 118*7c2fbfb3SApril Chin * 119*7c2fbfb3SApril Chin * #define BYTE_ORDER LITTLE_ENDIAN 120*7c2fbfb3SApril Chin * 121*7c2fbfb3SApril Chin * Or for big-endian machines: 122*7c2fbfb3SApril Chin * 123*7c2fbfb3SApril Chin * #define BYTE_ORDER BIG_ENDIAN 124*7c2fbfb3SApril Chin * 125*7c2fbfb3SApril Chin * The FreeBSD machine this was written on defines BYTE_ORDER 126*7c2fbfb3SApril Chin * appropriately by including <sys/types.h> (which in turn includes 127*7c2fbfb3SApril Chin * <machine/endian.h> where the appropriate definitions are actually 128*7c2fbfb3SApril Chin * made). 129*7c2fbfb3SApril Chin */ 130*7c2fbfb3SApril Chin 131*7c2fbfb3SApril Chin #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 132*7c2fbfb3SApril Chin #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 133*7c2fbfb3SApril Chin #endif 134*7c2fbfb3SApril Chin 135*7c2fbfb3SApril Chin /* 136*7c2fbfb3SApril Chin * Define the following sha2_* types to types of the correct length on 137*7c2fbfb3SApril Chin * the native archtecture. Most BSD systems and Linux define u_intXX_t 138*7c2fbfb3SApril Chin * types. Machines with very recent ANSI C headers, can use the 139*7c2fbfb3SApril Chin * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H 140*7c2fbfb3SApril Chin * during compile or in the sha.h header file. 141*7c2fbfb3SApril Chin * 142*7c2fbfb3SApril Chin * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t 143*7c2fbfb3SApril Chin * will need to define these three typedefs below (and the appropriate 144*7c2fbfb3SApril Chin * ones in sha.h too) by hand according to their system architecture. 145*7c2fbfb3SApril Chin * 146*7c2fbfb3SApril Chin * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t 147*7c2fbfb3SApril Chin * types and pointing out recent ANSI C support for uintXX_t in inttypes.h. 148*7c2fbfb3SApril Chin */ 149*7c2fbfb3SApril Chin 150*7c2fbfb3SApril Chin #ifdef SHA2_USE_INTTYPES_H 151*7c2fbfb3SApril Chin 152*7c2fbfb3SApril Chin typedef uint8_t sha2_byte; /* Exactly 1 byte */ 153*7c2fbfb3SApril Chin typedef uint32_t sha2_word32; /* Exactly 4 bytes */ 154*7c2fbfb3SApril Chin typedef uint64_t sha2_word64; /* Exactly 8 bytes */ 155*7c2fbfb3SApril Chin 156*7c2fbfb3SApril Chin #else /* SHA2_USE_INTTYPES_H */ 157*7c2fbfb3SApril Chin 158*7c2fbfb3SApril Chin typedef u_int8_t sha2_byte; /* Exactly 1 byte */ 159*7c2fbfb3SApril Chin typedef u_int32_t sha2_word32; /* Exactly 4 bytes */ 160*7c2fbfb3SApril Chin typedef u_int64_t sha2_word64; /* Exactly 8 bytes */ 161*7c2fbfb3SApril Chin 162*7c2fbfb3SApril Chin #endif /* SHA2_USE_INTTYPES_H */ 163*7c2fbfb3SApril Chin 164*7c2fbfb3SApril Chin #endif /* _PACKAGE_ast */ 165*7c2fbfb3SApril Chin 166*7c2fbfb3SApril Chin /*** SHA-256/384/512 Various Length Definitions ***********************/ 167*7c2fbfb3SApril Chin 168*7c2fbfb3SApril Chin #define SHA256_BLOCK_LENGTH 64 169*7c2fbfb3SApril Chin #define SHA256_DIGEST_LENGTH 32 170*7c2fbfb3SApril Chin #define SHA384_BLOCK_LENGTH 128 171*7c2fbfb3SApril Chin #define SHA384_DIGEST_LENGTH 48 172*7c2fbfb3SApril Chin #define SHA512_BLOCK_LENGTH 128 173*7c2fbfb3SApril Chin #define SHA512_DIGEST_LENGTH 64 174*7c2fbfb3SApril Chin 175*7c2fbfb3SApril Chin #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) 176*7c2fbfb3SApril Chin #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) 177*7c2fbfb3SApril Chin #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) 178*7c2fbfb3SApril Chin 179*7c2fbfb3SApril Chin /*** ENDIAN REVERSAL MACROS *******************************************/ 180*7c2fbfb3SApril Chin #if BYTE_ORDER == LITTLE_ENDIAN 181*7c2fbfb3SApril Chin #define REVERSE32(w,x) { \ 182*7c2fbfb3SApril Chin sha2_word32 tmp = (w); \ 183*7c2fbfb3SApril Chin tmp = (tmp >> 16) | (tmp << 16); \ 184*7c2fbfb3SApril Chin (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ 185*7c2fbfb3SApril Chin } 186*7c2fbfb3SApril Chin #if _ast_LL 187*7c2fbfb3SApril Chin #define REVERSE64(w,x) { \ 188*7c2fbfb3SApril Chin sha2_word64 tmp = (w); \ 189*7c2fbfb3SApril Chin tmp = (tmp >> 32) | (tmp << 32); \ 190*7c2fbfb3SApril Chin tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ 191*7c2fbfb3SApril Chin ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ 192*7c2fbfb3SApril Chin (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ 193*7c2fbfb3SApril Chin ((tmp & 0x0000ffff0000ffffULL) << 16); \ 194*7c2fbfb3SApril Chin } 195*7c2fbfb3SApril Chin #else 196*7c2fbfb3SApril Chin #define REVERSE64(w,x) { \ 197*7c2fbfb3SApril Chin sha2_word64 tmp = (w); \ 198*7c2fbfb3SApril Chin tmp = (tmp >> 32) | (tmp << 32); \ 199*7c2fbfb3SApril Chin tmp = ((tmp & ((sha2_word64)0xff00ff00ff00ff00)) >> 8) | \ 200*7c2fbfb3SApril Chin ((tmp & ((sha2_word64)0x00ff00ff00ff00ff)) << 8); \ 201*7c2fbfb3SApril Chin (x) = ((tmp & ((sha2_word64)0xffff0000ffff0000)) >> 16) | \ 202*7c2fbfb3SApril Chin ((tmp & ((sha2_word64)0x0000ffff0000ffff)) << 16); \ 203*7c2fbfb3SApril Chin } 204*7c2fbfb3SApril Chin #endif 205*7c2fbfb3SApril Chin #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 206*7c2fbfb3SApril Chin 207*7c2fbfb3SApril Chin /* 208*7c2fbfb3SApril Chin * Macro for incrementally adding the unsigned 64-bit integer n to the 209*7c2fbfb3SApril Chin * unsigned 128-bit integer (represented using a two-element array of 210*7c2fbfb3SApril Chin * 64-bit words): 211*7c2fbfb3SApril Chin */ 212*7c2fbfb3SApril Chin 213*7c2fbfb3SApril Chin #define ADDINC128(w,n) { \ 214*7c2fbfb3SApril Chin (w)[0] += (sha2_word64)(n); \ 215*7c2fbfb3SApril Chin if ((w)[0] < (n)) { \ 216*7c2fbfb3SApril Chin (w)[1]++; \ 217*7c2fbfb3SApril Chin } \ 218*7c2fbfb3SApril Chin } 219*7c2fbfb3SApril Chin 220*7c2fbfb3SApril Chin /* 221*7c2fbfb3SApril Chin * Macros for copying blocks of memory and for zeroing out ranges 222*7c2fbfb3SApril Chin * of memory. Using these macros makes it easy to switch from 223*7c2fbfb3SApril Chin * using memset()/memcpy() and using bzero()/bcopy(). 224*7c2fbfb3SApril Chin * 225*7c2fbfb3SApril Chin * Please define either SHA2_USE_MEMSET_MEMCPY or define 226*7c2fbfb3SApril Chin * SHA2_USE_BZERO_BCOPY depending on which function set you 227*7c2fbfb3SApril Chin * choose to use: 228*7c2fbfb3SApril Chin */ 229*7c2fbfb3SApril Chin 230*7c2fbfb3SApril Chin #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY) 231*7c2fbfb3SApril Chin /* Default to memset()/memcpy() if no option is specified */ 232*7c2fbfb3SApril Chin #define SHA2_USE_MEMSET_MEMCPY 1 233*7c2fbfb3SApril Chin #endif 234*7c2fbfb3SApril Chin #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY) 235*7c2fbfb3SApril Chin /* Abort with an error if BOTH options are defined */ 236*7c2fbfb3SApril Chin #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both! 237*7c2fbfb3SApril Chin #endif 238*7c2fbfb3SApril Chin 239*7c2fbfb3SApril Chin #ifdef SHA2_USE_MEMSET_MEMCPY 240*7c2fbfb3SApril Chin #define MEMSET_BZERO(p,l) memset((p), 0, (l)) 241*7c2fbfb3SApril Chin #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) 242*7c2fbfb3SApril Chin #endif 243*7c2fbfb3SApril Chin #ifdef SHA2_USE_BZERO_BCOPY 244*7c2fbfb3SApril Chin #define MEMSET_BZERO(p,l) bzero((p), (l)) 245*7c2fbfb3SApril Chin #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) 246*7c2fbfb3SApril Chin #endif 247*7c2fbfb3SApril Chin 248*7c2fbfb3SApril Chin 249*7c2fbfb3SApril Chin /*** THE SIX LOGICAL FUNCTIONS ****************************************/ 250*7c2fbfb3SApril Chin /* 251*7c2fbfb3SApril Chin * Bit shifting and rotation (used by the six SHA-XYZ logical functions: 252*7c2fbfb3SApril Chin * 253*7c2fbfb3SApril Chin * NOTE: The naming of R and S appears backwards here (R is a SHIFT and 254*7c2fbfb3SApril Chin * S is a ROTATION) because the SHA-256/384/512 description document 255*7c2fbfb3SApril Chin * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this 256*7c2fbfb3SApril Chin * same "backwards" definition. 257*7c2fbfb3SApril Chin */ 258*7c2fbfb3SApril Chin 259*7c2fbfb3SApril Chin /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ 260*7c2fbfb3SApril Chin #define R(b,x) ((x) >> (b)) 261*7c2fbfb3SApril Chin /* 32-bit Rotate-right (used in SHA-256): */ 262*7c2fbfb3SApril Chin #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) 263*7c2fbfb3SApril Chin /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ 264*7c2fbfb3SApril Chin #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) 265*7c2fbfb3SApril Chin 266*7c2fbfb3SApril Chin /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ 267*7c2fbfb3SApril Chin #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 268*7c2fbfb3SApril Chin #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 269*7c2fbfb3SApril Chin 270*7c2fbfb3SApril Chin /* Four of six logical functions used in SHA-256: */ 271*7c2fbfb3SApril Chin #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) 272*7c2fbfb3SApril Chin #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) 273*7c2fbfb3SApril Chin #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) 274*7c2fbfb3SApril Chin #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) 275*7c2fbfb3SApril Chin 276*7c2fbfb3SApril Chin /* Four of six logical functions used in SHA-384 and SHA-512: */ 277*7c2fbfb3SApril Chin #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) 278*7c2fbfb3SApril Chin #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) 279*7c2fbfb3SApril Chin #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) 280*7c2fbfb3SApril Chin #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) 281*7c2fbfb3SApril Chin 282*7c2fbfb3SApril Chin /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ 283*7c2fbfb3SApril Chin /* Hash constant words K for SHA-256: */ 284*7c2fbfb3SApril Chin static const sha2_word32 K256[64] = { 285*7c2fbfb3SApril Chin 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 286*7c2fbfb3SApril Chin 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 287*7c2fbfb3SApril Chin 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 288*7c2fbfb3SApril Chin 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 289*7c2fbfb3SApril Chin 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 290*7c2fbfb3SApril Chin 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 291*7c2fbfb3SApril Chin 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 292*7c2fbfb3SApril Chin 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 293*7c2fbfb3SApril Chin 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 294*7c2fbfb3SApril Chin 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 295*7c2fbfb3SApril Chin 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 296*7c2fbfb3SApril Chin 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 297*7c2fbfb3SApril Chin 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 298*7c2fbfb3SApril Chin 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 299*7c2fbfb3SApril Chin 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 300*7c2fbfb3SApril Chin 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 301*7c2fbfb3SApril Chin }; 302*7c2fbfb3SApril Chin 303*7c2fbfb3SApril Chin /* Initial hash value H for SHA-256: */ 304*7c2fbfb3SApril Chin static const sha2_word32 sha256_initial_hash_value[8] = { 305*7c2fbfb3SApril Chin 0x6a09e667UL, 306*7c2fbfb3SApril Chin 0xbb67ae85UL, 307*7c2fbfb3SApril Chin 0x3c6ef372UL, 308*7c2fbfb3SApril Chin 0xa54ff53aUL, 309*7c2fbfb3SApril Chin 0x510e527fUL, 310*7c2fbfb3SApril Chin 0x9b05688cUL, 311*7c2fbfb3SApril Chin 0x1f83d9abUL, 312*7c2fbfb3SApril Chin 0x5be0cd19UL 313*7c2fbfb3SApril Chin }; 314*7c2fbfb3SApril Chin 315*7c2fbfb3SApril Chin /* Hash constant words K for SHA-384 and SHA-512: */ 316*7c2fbfb3SApril Chin static const sha2_word64 K512[80] = { 317*7c2fbfb3SApril Chin #if _ast_LL 318*7c2fbfb3SApril Chin 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 319*7c2fbfb3SApril Chin 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 320*7c2fbfb3SApril Chin 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 321*7c2fbfb3SApril Chin 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 322*7c2fbfb3SApril Chin 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 323*7c2fbfb3SApril Chin 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 324*7c2fbfb3SApril Chin 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 325*7c2fbfb3SApril Chin 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 326*7c2fbfb3SApril Chin 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 327*7c2fbfb3SApril Chin 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 328*7c2fbfb3SApril Chin 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 329*7c2fbfb3SApril Chin 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 330*7c2fbfb3SApril Chin 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 331*7c2fbfb3SApril Chin 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 332*7c2fbfb3SApril Chin 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 333*7c2fbfb3SApril Chin 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 334*7c2fbfb3SApril Chin 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 335*7c2fbfb3SApril Chin 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 336*7c2fbfb3SApril Chin 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 337*7c2fbfb3SApril Chin 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 338*7c2fbfb3SApril Chin 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 339*7c2fbfb3SApril Chin 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 340*7c2fbfb3SApril Chin 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 341*7c2fbfb3SApril Chin 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 342*7c2fbfb3SApril Chin 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 343*7c2fbfb3SApril Chin 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 344*7c2fbfb3SApril Chin 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 345*7c2fbfb3SApril Chin 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 346*7c2fbfb3SApril Chin 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 347*7c2fbfb3SApril Chin 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 348*7c2fbfb3SApril Chin 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 349*7c2fbfb3SApril Chin 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 350*7c2fbfb3SApril Chin 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 351*7c2fbfb3SApril Chin 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 352*7c2fbfb3SApril Chin 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 353*7c2fbfb3SApril Chin 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 354*7c2fbfb3SApril Chin 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 355*7c2fbfb3SApril Chin 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 356*7c2fbfb3SApril Chin 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 357*7c2fbfb3SApril Chin 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL 358*7c2fbfb3SApril Chin #else 359*7c2fbfb3SApril Chin ((sha2_word64)0x428a2f98d728ae22), ((sha2_word64)0x7137449123ef65cd), 360*7c2fbfb3SApril Chin ((sha2_word64)0xb5c0fbcfec4d3b2f), ((sha2_word64)0xe9b5dba58189dbbc), 361*7c2fbfb3SApril Chin ((sha2_word64)0x3956c25bf348b538), ((sha2_word64)0x59f111f1b605d019), 362*7c2fbfb3SApril Chin ((sha2_word64)0x923f82a4af194f9b), ((sha2_word64)0xab1c5ed5da6d8118), 363*7c2fbfb3SApril Chin ((sha2_word64)0xd807aa98a3030242), ((sha2_word64)0x12835b0145706fbe), 364*7c2fbfb3SApril Chin ((sha2_word64)0x243185be4ee4b28c), ((sha2_word64)0x550c7dc3d5ffb4e2), 365*7c2fbfb3SApril Chin ((sha2_word64)0x72be5d74f27b896f), ((sha2_word64)0x80deb1fe3b1696b1), 366*7c2fbfb3SApril Chin ((sha2_word64)0x9bdc06a725c71235), ((sha2_word64)0xc19bf174cf692694), 367*7c2fbfb3SApril Chin ((sha2_word64)0xe49b69c19ef14ad2), ((sha2_word64)0xefbe4786384f25e3), 368*7c2fbfb3SApril Chin ((sha2_word64)0x0fc19dc68b8cd5b5), ((sha2_word64)0x240ca1cc77ac9c65), 369*7c2fbfb3SApril Chin ((sha2_word64)0x2de92c6f592b0275), ((sha2_word64)0x4a7484aa6ea6e483), 370*7c2fbfb3SApril Chin ((sha2_word64)0x5cb0a9dcbd41fbd4), ((sha2_word64)0x76f988da831153b5), 371*7c2fbfb3SApril Chin ((sha2_word64)0x983e5152ee66dfab), ((sha2_word64)0xa831c66d2db43210), 372*7c2fbfb3SApril Chin ((sha2_word64)0xb00327c898fb213f), ((sha2_word64)0xbf597fc7beef0ee4), 373*7c2fbfb3SApril Chin ((sha2_word64)0xc6e00bf33da88fc2), ((sha2_word64)0xd5a79147930aa725), 374*7c2fbfb3SApril Chin ((sha2_word64)0x06ca6351e003826f), ((sha2_word64)0x142929670a0e6e70), 375*7c2fbfb3SApril Chin ((sha2_word64)0x27b70a8546d22ffc), ((sha2_word64)0x2e1b21385c26c926), 376*7c2fbfb3SApril Chin ((sha2_word64)0x4d2c6dfc5ac42aed), ((sha2_word64)0x53380d139d95b3df), 377*7c2fbfb3SApril Chin ((sha2_word64)0x650a73548baf63de), ((sha2_word64)0x766a0abb3c77b2a8), 378*7c2fbfb3SApril Chin ((sha2_word64)0x81c2c92e47edaee6), ((sha2_word64)0x92722c851482353b), 379*7c2fbfb3SApril Chin ((sha2_word64)0xa2bfe8a14cf10364), ((sha2_word64)0xa81a664bbc423001), 380*7c2fbfb3SApril Chin ((sha2_word64)0xc24b8b70d0f89791), ((sha2_word64)0xc76c51a30654be30), 381*7c2fbfb3SApril Chin ((sha2_word64)0xd192e819d6ef5218), ((sha2_word64)0xd69906245565a910), 382*7c2fbfb3SApril Chin ((sha2_word64)0xf40e35855771202a), ((sha2_word64)0x106aa07032bbd1b8), 383*7c2fbfb3SApril Chin ((sha2_word64)0x19a4c116b8d2d0c8), ((sha2_word64)0x1e376c085141ab53), 384*7c2fbfb3SApril Chin ((sha2_word64)0x2748774cdf8eeb99), ((sha2_word64)0x34b0bcb5e19b48a8), 385*7c2fbfb3SApril Chin ((sha2_word64)0x391c0cb3c5c95a63), ((sha2_word64)0x4ed8aa4ae3418acb), 386*7c2fbfb3SApril Chin ((sha2_word64)0x5b9cca4f7763e373), ((sha2_word64)0x682e6ff3d6b2b8a3), 387*7c2fbfb3SApril Chin ((sha2_word64)0x748f82ee5defb2fc), ((sha2_word64)0x78a5636f43172f60), 388*7c2fbfb3SApril Chin ((sha2_word64)0x84c87814a1f0ab72), ((sha2_word64)0x8cc702081a6439ec), 389*7c2fbfb3SApril Chin ((sha2_word64)0x90befffa23631e28), ((sha2_word64)0xa4506cebde82bde9), 390*7c2fbfb3SApril Chin ((sha2_word64)0xbef9a3f7b2c67915), ((sha2_word64)0xc67178f2e372532b), 391*7c2fbfb3SApril Chin ((sha2_word64)0xca273eceea26619c), ((sha2_word64)0xd186b8c721c0c207), 392*7c2fbfb3SApril Chin ((sha2_word64)0xeada7dd6cde0eb1e), ((sha2_word64)0xf57d4f7fee6ed178), 393*7c2fbfb3SApril Chin ((sha2_word64)0x06f067aa72176fba), ((sha2_word64)0x0a637dc5a2c898a6), 394*7c2fbfb3SApril Chin ((sha2_word64)0x113f9804bef90dae), ((sha2_word64)0x1b710b35131c471b), 395*7c2fbfb3SApril Chin ((sha2_word64)0x28db77f523047d84), ((sha2_word64)0x32caab7b40c72493), 396*7c2fbfb3SApril Chin ((sha2_word64)0x3c9ebe0a15c9bebc), ((sha2_word64)0x431d67c49c100d4c), 397*7c2fbfb3SApril Chin ((sha2_word64)0x4cc5d4becb3e42b6), ((sha2_word64)0x597f299cfc657e2a), 398*7c2fbfb3SApril Chin ((sha2_word64)0x5fcb6fab3ad6faec), ((sha2_word64)0x6c44198c4a475817) 399*7c2fbfb3SApril Chin #endif 400*7c2fbfb3SApril Chin }; 401*7c2fbfb3SApril Chin 402*7c2fbfb3SApril Chin /* Initial hash value H for SHA-384 */ 403*7c2fbfb3SApril Chin static const sha2_word64 sha384_initial_hash_value[8] = { 404*7c2fbfb3SApril Chin #if _ast_LL 405*7c2fbfb3SApril Chin 0xcbbb9d5dc1059ed8ULL, 406*7c2fbfb3SApril Chin 0x629a292a367cd507ULL, 407*7c2fbfb3SApril Chin 0x9159015a3070dd17ULL, 408*7c2fbfb3SApril Chin 0x152fecd8f70e5939ULL, 409*7c2fbfb3SApril Chin 0x67332667ffc00b31ULL, 410*7c2fbfb3SApril Chin 0x8eb44a8768581511ULL, 411*7c2fbfb3SApril Chin 0xdb0c2e0d64f98fa7ULL, 412*7c2fbfb3SApril Chin 0x47b5481dbefa4fa4ULL 413*7c2fbfb3SApril Chin #else 414*7c2fbfb3SApril Chin ((sha2_word64)0xcbbb9d5dc1059ed8), 415*7c2fbfb3SApril Chin ((sha2_word64)0x629a292a367cd507), 416*7c2fbfb3SApril Chin ((sha2_word64)0x9159015a3070dd17), 417*7c2fbfb3SApril Chin ((sha2_word64)0x152fecd8f70e5939), 418*7c2fbfb3SApril Chin ((sha2_word64)0x67332667ffc00b31), 419*7c2fbfb3SApril Chin ((sha2_word64)0x8eb44a8768581511), 420*7c2fbfb3SApril Chin ((sha2_word64)0xdb0c2e0d64f98fa7), 421*7c2fbfb3SApril Chin ((sha2_word64)0x47b5481dbefa4fa4) 422*7c2fbfb3SApril Chin #endif 423*7c2fbfb3SApril Chin }; 424*7c2fbfb3SApril Chin 425*7c2fbfb3SApril Chin /* Initial hash value H for SHA-512 */ 426*7c2fbfb3SApril Chin static const sha2_word64 sha512_initial_hash_value[8] = { 427*7c2fbfb3SApril Chin #if _ast_LL 428*7c2fbfb3SApril Chin 0x6a09e667f3bcc908ULL, 429*7c2fbfb3SApril Chin 0xbb67ae8584caa73bULL, 430*7c2fbfb3SApril Chin 0x3c6ef372fe94f82bULL, 431*7c2fbfb3SApril Chin 0xa54ff53a5f1d36f1ULL, 432*7c2fbfb3SApril Chin 0x510e527fade682d1ULL, 433*7c2fbfb3SApril Chin 0x9b05688c2b3e6c1fULL, 434*7c2fbfb3SApril Chin 0x1f83d9abfb41bd6bULL, 435*7c2fbfb3SApril Chin 0x5be0cd19137e2179ULL 436*7c2fbfb3SApril Chin #else 437*7c2fbfb3SApril Chin ((sha2_word64)0x6a09e667f3bcc908), 438*7c2fbfb3SApril Chin ((sha2_word64)0xbb67ae8584caa73b), 439*7c2fbfb3SApril Chin ((sha2_word64)0x3c6ef372fe94f82b), 440*7c2fbfb3SApril Chin ((sha2_word64)0xa54ff53a5f1d36f1), 441*7c2fbfb3SApril Chin ((sha2_word64)0x510e527fade682d1), 442*7c2fbfb3SApril Chin ((sha2_word64)0x9b05688c2b3e6c1f), 443*7c2fbfb3SApril Chin ((sha2_word64)0x1f83d9abfb41bd6b), 444*7c2fbfb3SApril Chin ((sha2_word64)0x5be0cd19137e2179) 445*7c2fbfb3SApril Chin #endif 446*7c2fbfb3SApril Chin }; 447*7c2fbfb3SApril Chin 448*7c2fbfb3SApril Chin /*** SHA-256: *********************************************************/ 449*7c2fbfb3SApril Chin 450*7c2fbfb3SApril Chin #define sha256_description "FIPS SHA-256 secure hash algorithm." 451*7c2fbfb3SApril Chin #define sha256_options "\ 452*7c2fbfb3SApril Chin [+(version)?sha-256 (FIPS) 2000-01-01]\ 453*7c2fbfb3SApril Chin [+(author)?Aaron D. Gifford]\ 454*7c2fbfb3SApril Chin " 455*7c2fbfb3SApril Chin #define sha256_match "sha256|sha-256|SHA256|SHA-256" 456*7c2fbfb3SApril Chin #define sha256_scale 0 457*7c2fbfb3SApril Chin 458*7c2fbfb3SApril Chin #define sha256_padding md5_pad 459*7c2fbfb3SApril Chin 460*7c2fbfb3SApril Chin #define SHA256_CTX Sha256_t 461*7c2fbfb3SApril Chin 462*7c2fbfb3SApril Chin typedef struct Sha256_s 463*7c2fbfb3SApril Chin { 464*7c2fbfb3SApril Chin _SUM_PUBLIC_ 465*7c2fbfb3SApril Chin _SUM_PRIVATE_ 466*7c2fbfb3SApril Chin sha2_byte digest[SHA256_DIGEST_LENGTH]; 467*7c2fbfb3SApril Chin sha2_byte digest_sum[SHA256_DIGEST_LENGTH]; 468*7c2fbfb3SApril Chin sha2_word32 state[8]; 469*7c2fbfb3SApril Chin sha2_word64 bitcount; 470*7c2fbfb3SApril Chin sha2_byte buffer[SHA256_BLOCK_LENGTH]; 471*7c2fbfb3SApril Chin } Sha256_t; 472*7c2fbfb3SApril Chin 473*7c2fbfb3SApril Chin #ifdef SHA2_UNROLL_TRANSFORM 474*7c2fbfb3SApril Chin 475*7c2fbfb3SApril Chin /* Unrolled SHA-256 round macros: */ 476*7c2fbfb3SApril Chin 477*7c2fbfb3SApril Chin #if BYTE_ORDER == LITTLE_ENDIAN 478*7c2fbfb3SApril Chin 479*7c2fbfb3SApril Chin #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 480*7c2fbfb3SApril Chin REVERSE32(*data++, W256[j]); \ 481*7c2fbfb3SApril Chin T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 482*7c2fbfb3SApril Chin K256[j] + W256[j]; \ 483*7c2fbfb3SApril Chin (d) += T1; \ 484*7c2fbfb3SApril Chin (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 485*7c2fbfb3SApril Chin j++ 486*7c2fbfb3SApril Chin 487*7c2fbfb3SApril Chin 488*7c2fbfb3SApril Chin #else /* BYTE_ORDER == LITTLE_ENDIAN */ 489*7c2fbfb3SApril Chin 490*7c2fbfb3SApril Chin #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 491*7c2fbfb3SApril Chin T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 492*7c2fbfb3SApril Chin K256[j] + (W256[j] = *data++); \ 493*7c2fbfb3SApril Chin (d) += T1; \ 494*7c2fbfb3SApril Chin (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 495*7c2fbfb3SApril Chin j++ 496*7c2fbfb3SApril Chin 497*7c2fbfb3SApril Chin #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 498*7c2fbfb3SApril Chin 499*7c2fbfb3SApril Chin #define ROUND256(a,b,c,d,e,f,g,h) \ 500*7c2fbfb3SApril Chin s0 = W256[(j+1)&0x0f]; \ 501*7c2fbfb3SApril Chin s0 = sigma0_256(s0); \ 502*7c2fbfb3SApril Chin s1 = W256[(j+14)&0x0f]; \ 503*7c2fbfb3SApril Chin s1 = sigma1_256(s1); \ 504*7c2fbfb3SApril Chin T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ 505*7c2fbfb3SApril Chin (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ 506*7c2fbfb3SApril Chin (d) += T1; \ 507*7c2fbfb3SApril Chin (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 508*7c2fbfb3SApril Chin j++ 509*7c2fbfb3SApril Chin 510*7c2fbfb3SApril Chin static void SHA256_Transform(SHA256_CTX* sha, const sha2_word32* data) { 511*7c2fbfb3SApril Chin sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 512*7c2fbfb3SApril Chin sha2_word32 T1, *W256; 513*7c2fbfb3SApril Chin int j; 514*7c2fbfb3SApril Chin 515*7c2fbfb3SApril Chin W256 = (sha2_word32*)sha->buffer; 516*7c2fbfb3SApril Chin 517*7c2fbfb3SApril Chin /* Initialize registers with the prev. intermediate value */ 518*7c2fbfb3SApril Chin a = sha->state[0]; 519*7c2fbfb3SApril Chin b = sha->state[1]; 520*7c2fbfb3SApril Chin c = sha->state[2]; 521*7c2fbfb3SApril Chin d = sha->state[3]; 522*7c2fbfb3SApril Chin e = sha->state[4]; 523*7c2fbfb3SApril Chin f = sha->state[5]; 524*7c2fbfb3SApril Chin g = sha->state[6]; 525*7c2fbfb3SApril Chin h = sha->state[7]; 526*7c2fbfb3SApril Chin 527*7c2fbfb3SApril Chin j = 0; 528*7c2fbfb3SApril Chin do { 529*7c2fbfb3SApril Chin /* Rounds 0 to 15 (unrolled): */ 530*7c2fbfb3SApril Chin ROUND256_0_TO_15(a,b,c,d,e,f,g,h); 531*7c2fbfb3SApril Chin ROUND256_0_TO_15(h,a,b,c,d,e,f,g); 532*7c2fbfb3SApril Chin ROUND256_0_TO_15(g,h,a,b,c,d,e,f); 533*7c2fbfb3SApril Chin ROUND256_0_TO_15(f,g,h,a,b,c,d,e); 534*7c2fbfb3SApril Chin ROUND256_0_TO_15(e,f,g,h,a,b,c,d); 535*7c2fbfb3SApril Chin ROUND256_0_TO_15(d,e,f,g,h,a,b,c); 536*7c2fbfb3SApril Chin ROUND256_0_TO_15(c,d,e,f,g,h,a,b); 537*7c2fbfb3SApril Chin ROUND256_0_TO_15(b,c,d,e,f,g,h,a); 538*7c2fbfb3SApril Chin } while (j < 16); 539*7c2fbfb3SApril Chin 540*7c2fbfb3SApril Chin /* Now for the remaining rounds to 64: */ 541*7c2fbfb3SApril Chin do { 542*7c2fbfb3SApril Chin ROUND256(a,b,c,d,e,f,g,h); 543*7c2fbfb3SApril Chin ROUND256(h,a,b,c,d,e,f,g); 544*7c2fbfb3SApril Chin ROUND256(g,h,a,b,c,d,e,f); 545*7c2fbfb3SApril Chin ROUND256(f,g,h,a,b,c,d,e); 546*7c2fbfb3SApril Chin ROUND256(e,f,g,h,a,b,c,d); 547*7c2fbfb3SApril Chin ROUND256(d,e,f,g,h,a,b,c); 548*7c2fbfb3SApril Chin ROUND256(c,d,e,f,g,h,a,b); 549*7c2fbfb3SApril Chin ROUND256(b,c,d,e,f,g,h,a); 550*7c2fbfb3SApril Chin } while (j < 64); 551*7c2fbfb3SApril Chin 552*7c2fbfb3SApril Chin /* Compute the current intermediate hash value */ 553*7c2fbfb3SApril Chin sha->state[0] += a; 554*7c2fbfb3SApril Chin sha->state[1] += b; 555*7c2fbfb3SApril Chin sha->state[2] += c; 556*7c2fbfb3SApril Chin sha->state[3] += d; 557*7c2fbfb3SApril Chin sha->state[4] += e; 558*7c2fbfb3SApril Chin sha->state[5] += f; 559*7c2fbfb3SApril Chin sha->state[6] += g; 560*7c2fbfb3SApril Chin sha->state[7] += h; 561*7c2fbfb3SApril Chin 562*7c2fbfb3SApril Chin /* Clean up */ 563*7c2fbfb3SApril Chin a = b = c = d = e = f = g = h = T1 = 0; 564*7c2fbfb3SApril Chin } 565*7c2fbfb3SApril Chin 566*7c2fbfb3SApril Chin #else /* SHA2_UNROLL_TRANSFORM */ 567*7c2fbfb3SApril Chin 568*7c2fbfb3SApril Chin static void SHA256_Transform(SHA256_CTX* sha, const sha2_word32* data) { 569*7c2fbfb3SApril Chin sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 570*7c2fbfb3SApril Chin sha2_word32 T1, T2, *W256; 571*7c2fbfb3SApril Chin int j; 572*7c2fbfb3SApril Chin 573*7c2fbfb3SApril Chin W256 = (sha2_word32*)sha->buffer; 574*7c2fbfb3SApril Chin 575*7c2fbfb3SApril Chin /* Initialize registers with the prev. intermediate value */ 576*7c2fbfb3SApril Chin a = sha->state[0]; 577*7c2fbfb3SApril Chin b = sha->state[1]; 578*7c2fbfb3SApril Chin c = sha->state[2]; 579*7c2fbfb3SApril Chin d = sha->state[3]; 580*7c2fbfb3SApril Chin e = sha->state[4]; 581*7c2fbfb3SApril Chin f = sha->state[5]; 582*7c2fbfb3SApril Chin g = sha->state[6]; 583*7c2fbfb3SApril Chin h = sha->state[7]; 584*7c2fbfb3SApril Chin 585*7c2fbfb3SApril Chin j = 0; 586*7c2fbfb3SApril Chin do { 587*7c2fbfb3SApril Chin #if BYTE_ORDER == LITTLE_ENDIAN 588*7c2fbfb3SApril Chin /* Copy data while converting to host byte order */ 589*7c2fbfb3SApril Chin REVERSE32(*data++,W256[j]); 590*7c2fbfb3SApril Chin /* Apply the SHA-256 compression function to update a..h */ 591*7c2fbfb3SApril Chin T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; 592*7c2fbfb3SApril Chin #else /* BYTE_ORDER == LITTLE_ENDIAN */ 593*7c2fbfb3SApril Chin /* Apply the SHA-256 compression function to update a..h with copy */ 594*7c2fbfb3SApril Chin T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); 595*7c2fbfb3SApril Chin #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 596*7c2fbfb3SApril Chin T2 = Sigma0_256(a) + Maj(a, b, c); 597*7c2fbfb3SApril Chin h = g; 598*7c2fbfb3SApril Chin g = f; 599*7c2fbfb3SApril Chin f = e; 600*7c2fbfb3SApril Chin e = d + T1; 601*7c2fbfb3SApril Chin d = c; 602*7c2fbfb3SApril Chin c = b; 603*7c2fbfb3SApril Chin b = a; 604*7c2fbfb3SApril Chin a = T1 + T2; 605*7c2fbfb3SApril Chin 606*7c2fbfb3SApril Chin j++; 607*7c2fbfb3SApril Chin } while (j < 16); 608*7c2fbfb3SApril Chin 609*7c2fbfb3SApril Chin do { 610*7c2fbfb3SApril Chin /* Part of the message block expansion: */ 611*7c2fbfb3SApril Chin s0 = W256[(j+1)&0x0f]; 612*7c2fbfb3SApril Chin s0 = sigma0_256(s0); 613*7c2fbfb3SApril Chin s1 = W256[(j+14)&0x0f]; 614*7c2fbfb3SApril Chin s1 = sigma1_256(s1); 615*7c2fbfb3SApril Chin 616*7c2fbfb3SApril Chin /* Apply the SHA-256 compression function to update a..h */ 617*7c2fbfb3SApril Chin T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 618*7c2fbfb3SApril Chin (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); 619*7c2fbfb3SApril Chin T2 = Sigma0_256(a) + Maj(a, b, c); 620*7c2fbfb3SApril Chin h = g; 621*7c2fbfb3SApril Chin g = f; 622*7c2fbfb3SApril Chin f = e; 623*7c2fbfb3SApril Chin e = d + T1; 624*7c2fbfb3SApril Chin d = c; 625*7c2fbfb3SApril Chin c = b; 626*7c2fbfb3SApril Chin b = a; 627*7c2fbfb3SApril Chin a = T1 + T2; 628*7c2fbfb3SApril Chin 629*7c2fbfb3SApril Chin j++; 630*7c2fbfb3SApril Chin } while (j < 64); 631*7c2fbfb3SApril Chin 632*7c2fbfb3SApril Chin /* Compute the current intermediate hash value */ 633*7c2fbfb3SApril Chin sha->state[0] += a; 634*7c2fbfb3SApril Chin sha->state[1] += b; 635*7c2fbfb3SApril Chin sha->state[2] += c; 636*7c2fbfb3SApril Chin sha->state[3] += d; 637*7c2fbfb3SApril Chin sha->state[4] += e; 638*7c2fbfb3SApril Chin sha->state[5] += f; 639*7c2fbfb3SApril Chin sha->state[6] += g; 640*7c2fbfb3SApril Chin sha->state[7] += h; 641*7c2fbfb3SApril Chin 642*7c2fbfb3SApril Chin /* Clean up */ 643*7c2fbfb3SApril Chin a = b = c = d = e = f = g = h = T1 = T2 = 0; 644*7c2fbfb3SApril Chin } 645*7c2fbfb3SApril Chin 646*7c2fbfb3SApril Chin #endif /* SHA2_UNROLL_TRANSFORM */ 647*7c2fbfb3SApril Chin 648*7c2fbfb3SApril Chin static int 649*7c2fbfb3SApril Chin sha256_block(register Sum_t* p, const void* s, size_t len) 650*7c2fbfb3SApril Chin { 651*7c2fbfb3SApril Chin Sha256_t* sha = (Sha256_t*)p; 652*7c2fbfb3SApril Chin sha2_byte* data = (sha2_byte*)s; 653*7c2fbfb3SApril Chin unsigned int freespace, usedspace; 654*7c2fbfb3SApril Chin 655*7c2fbfb3SApril Chin if (!len) 656*7c2fbfb3SApril Chin return 0; 657*7c2fbfb3SApril Chin usedspace = (sha->bitcount >> 3) % SHA256_BLOCK_LENGTH; 658*7c2fbfb3SApril Chin if (usedspace > 0) { 659*7c2fbfb3SApril Chin /* Calculate how much free space is available in the buffer */ 660*7c2fbfb3SApril Chin freespace = SHA256_BLOCK_LENGTH - usedspace; 661*7c2fbfb3SApril Chin 662*7c2fbfb3SApril Chin if (len >= freespace) { 663*7c2fbfb3SApril Chin /* Fill the buffer completely and process it */ 664*7c2fbfb3SApril Chin MEMCPY_BCOPY(&sha->buffer[usedspace], data, freespace); 665*7c2fbfb3SApril Chin sha->bitcount += freespace << 3; 666*7c2fbfb3SApril Chin len -= freespace; 667*7c2fbfb3SApril Chin data += freespace; 668*7c2fbfb3SApril Chin SHA256_Transform(sha, (sha2_word32*)sha->buffer); 669*7c2fbfb3SApril Chin } else { 670*7c2fbfb3SApril Chin /* The buffer is not yet full */ 671*7c2fbfb3SApril Chin MEMCPY_BCOPY(&sha->buffer[usedspace], data, len); 672*7c2fbfb3SApril Chin sha->bitcount += len << 3; 673*7c2fbfb3SApril Chin /* Clean up: */ 674*7c2fbfb3SApril Chin usedspace = freespace = 0; 675*7c2fbfb3SApril Chin return 0; 676*7c2fbfb3SApril Chin } 677*7c2fbfb3SApril Chin } 678*7c2fbfb3SApril Chin while (len >= SHA256_BLOCK_LENGTH) { 679*7c2fbfb3SApril Chin /* Process as many complete blocks as we can */ 680*7c2fbfb3SApril Chin SHA256_Transform(sha, (sha2_word32*)data); 681*7c2fbfb3SApril Chin sha->bitcount += SHA256_BLOCK_LENGTH << 3; 682*7c2fbfb3SApril Chin len -= SHA256_BLOCK_LENGTH; 683*7c2fbfb3SApril Chin data += SHA256_BLOCK_LENGTH; 684*7c2fbfb3SApril Chin } 685*7c2fbfb3SApril Chin if (len > 0) { 686*7c2fbfb3SApril Chin /* There's left-overs, so save 'em */ 687*7c2fbfb3SApril Chin MEMCPY_BCOPY(sha->buffer, data, len); 688*7c2fbfb3SApril Chin sha->bitcount += len << 3; 689*7c2fbfb3SApril Chin } 690*7c2fbfb3SApril Chin /* Clean up: */ 691*7c2fbfb3SApril Chin usedspace = freespace = 0; 692*7c2fbfb3SApril Chin 693*7c2fbfb3SApril Chin return 0; 694*7c2fbfb3SApril Chin } 695*7c2fbfb3SApril Chin 696*7c2fbfb3SApril Chin static int 697*7c2fbfb3SApril Chin sha256_init(Sum_t* p) 698*7c2fbfb3SApril Chin { 699*7c2fbfb3SApril Chin register Sha256_t* sha = (Sha256_t*)p; 700*7c2fbfb3SApril Chin 701*7c2fbfb3SApril Chin MEMCPY_BCOPY(sha->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH); 702*7c2fbfb3SApril Chin MEMSET_BZERO(sha->buffer, SHA256_BLOCK_LENGTH); 703*7c2fbfb3SApril Chin sha->bitcount = 0; 704*7c2fbfb3SApril Chin 705*7c2fbfb3SApril Chin return 0; 706*7c2fbfb3SApril Chin } 707*7c2fbfb3SApril Chin 708*7c2fbfb3SApril Chin static Sum_t* 709*7c2fbfb3SApril Chin sha256_open(const Method_t* method, const char* name) 710*7c2fbfb3SApril Chin { 711*7c2fbfb3SApril Chin Sha256_t* sha; 712*7c2fbfb3SApril Chin 713*7c2fbfb3SApril Chin if (sha = newof(0, Sha256_t, 1, 0)) 714*7c2fbfb3SApril Chin { 715*7c2fbfb3SApril Chin sha->method = (Method_t*)method; 716*7c2fbfb3SApril Chin sha->name = name; 717*7c2fbfb3SApril Chin sha256_init((Sum_t*)sha); 718*7c2fbfb3SApril Chin } 719*7c2fbfb3SApril Chin return (Sum_t*)sha; 720*7c2fbfb3SApril Chin } 721*7c2fbfb3SApril Chin 722*7c2fbfb3SApril Chin static int 723*7c2fbfb3SApril Chin sha256_done(Sum_t* p) 724*7c2fbfb3SApril Chin { 725*7c2fbfb3SApril Chin Sha256_t* sha = (Sha256_t*)p; 726*7c2fbfb3SApril Chin unsigned int usedspace; 727*7c2fbfb3SApril Chin register int i; 728*7c2fbfb3SApril Chin 729*7c2fbfb3SApril Chin /* Sanity check: */ 730*7c2fbfb3SApril Chin assert(sha != (SHA256_CTX*)0); 731*7c2fbfb3SApril Chin 732*7c2fbfb3SApril Chin usedspace = (sha->bitcount >> 3) % SHA256_BLOCK_LENGTH; 733*7c2fbfb3SApril Chin #if BYTE_ORDER == LITTLE_ENDIAN 734*7c2fbfb3SApril Chin /* Convert FROM host byte order */ 735*7c2fbfb3SApril Chin REVERSE64(sha->bitcount,sha->bitcount); 736*7c2fbfb3SApril Chin #endif 737*7c2fbfb3SApril Chin if (usedspace > 0) { 738*7c2fbfb3SApril Chin /* Begin padding with a 1 bit: */ 739*7c2fbfb3SApril Chin sha->buffer[usedspace++] = 0x80; 740*7c2fbfb3SApril Chin 741*7c2fbfb3SApril Chin if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { 742*7c2fbfb3SApril Chin /* Set-up for the last transform: */ 743*7c2fbfb3SApril Chin MEMSET_BZERO(&sha->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace); 744*7c2fbfb3SApril Chin } else { 745*7c2fbfb3SApril Chin if (usedspace < SHA256_BLOCK_LENGTH) { 746*7c2fbfb3SApril Chin MEMSET_BZERO(&sha->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace); 747*7c2fbfb3SApril Chin } 748*7c2fbfb3SApril Chin /* Do second-to-last transform: */ 749*7c2fbfb3SApril Chin SHA256_Transform(sha, (sha2_word32*)sha->buffer); 750*7c2fbfb3SApril Chin 751*7c2fbfb3SApril Chin /* And set-up for the last transform: */ 752*7c2fbfb3SApril Chin MEMSET_BZERO(sha->buffer, SHA256_SHORT_BLOCK_LENGTH); 753*7c2fbfb3SApril Chin } 754*7c2fbfb3SApril Chin } else { 755*7c2fbfb3SApril Chin /* Set-up for the last transform: */ 756*7c2fbfb3SApril Chin MEMSET_BZERO(sha->buffer, SHA256_SHORT_BLOCK_LENGTH); 757*7c2fbfb3SApril Chin 758*7c2fbfb3SApril Chin /* Begin padding with a 1 bit: */ 759*7c2fbfb3SApril Chin *sha->buffer = 0x80; 760*7c2fbfb3SApril Chin } 761*7c2fbfb3SApril Chin /* Set the bit count: */ 762*7c2fbfb3SApril Chin *(sha2_word64*)&sha->buffer[SHA256_SHORT_BLOCK_LENGTH] = sha->bitcount; 763*7c2fbfb3SApril Chin 764*7c2fbfb3SApril Chin /* Final transform: */ 765*7c2fbfb3SApril Chin SHA256_Transform(sha, (sha2_word32*)sha->buffer); 766*7c2fbfb3SApril Chin 767*7c2fbfb3SApril Chin #if BYTE_ORDER == LITTLE_ENDIAN 768*7c2fbfb3SApril Chin { 769*7c2fbfb3SApril Chin /* Convert TO host byte order */ 770*7c2fbfb3SApril Chin int j; 771*7c2fbfb3SApril Chin sha2_word32* d = (sha2_word32*)sha->digest; 772*7c2fbfb3SApril Chin for (j = 0; j < 8; j++) { 773*7c2fbfb3SApril Chin REVERSE32(sha->state[j],sha->state[j]); 774*7c2fbfb3SApril Chin *d++ = sha->state[j]; 775*7c2fbfb3SApril Chin } 776*7c2fbfb3SApril Chin } 777*7c2fbfb3SApril Chin #else 778*7c2fbfb3SApril Chin MEMCPY_BCOPY(sha->digest, sha->state, SHA256_DIGEST_LENGTH); 779*7c2fbfb3SApril Chin #endif 780*7c2fbfb3SApril Chin 781*7c2fbfb3SApril Chin /* accumulate the digests */ 782*7c2fbfb3SApril Chin for (i = 0; i < SHA256_DIGEST_LENGTH; i++) 783*7c2fbfb3SApril Chin sha->digest_sum[i] ^= sha->digest[i]; 784*7c2fbfb3SApril Chin 785*7c2fbfb3SApril Chin /* Clean up state data: */ 786*7c2fbfb3SApril Chin MEMSET_BZERO(&sha->state, sizeof(*sha) - offsetof(Sha256_t, state)); 787*7c2fbfb3SApril Chin usedspace = 0; 788*7c2fbfb3SApril Chin 789*7c2fbfb3SApril Chin return 0; 790*7c2fbfb3SApril Chin } 791*7c2fbfb3SApril Chin 792*7c2fbfb3SApril Chin static int 793*7c2fbfb3SApril Chin sha256_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 794*7c2fbfb3SApril Chin { 795*7c2fbfb3SApril Chin register Sha256_t* sha = (Sha256_t*)p; 796*7c2fbfb3SApril Chin register sha2_byte* d; 797*7c2fbfb3SApril Chin register sha2_byte* e; 798*7c2fbfb3SApril Chin 799*7c2fbfb3SApril Chin d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 800*7c2fbfb3SApril Chin e = d + SHA256_DIGEST_LENGTH; 801*7c2fbfb3SApril Chin while (d < e) 802*7c2fbfb3SApril Chin sfprintf(sp, "%02x", *d++); 803*7c2fbfb3SApril Chin return 0; 804*7c2fbfb3SApril Chin } 805*7c2fbfb3SApril Chin 806*7c2fbfb3SApril Chin static int 807*7c2fbfb3SApril Chin sha256_data(Sum_t* p, Sumdata_t* data) 808*7c2fbfb3SApril Chin { 809*7c2fbfb3SApril Chin register Sha256_t* sha = (Sha256_t*)p; 810*7c2fbfb3SApril Chin 811*7c2fbfb3SApril Chin data->size = SHA256_DIGEST_LENGTH; 812*7c2fbfb3SApril Chin data->num = 0; 813*7c2fbfb3SApril Chin data->buf = sha->digest; 814*7c2fbfb3SApril Chin return 0; 815*7c2fbfb3SApril Chin } 816*7c2fbfb3SApril Chin 817*7c2fbfb3SApril Chin /*** SHA-512: *********************************************************/ 818*7c2fbfb3SApril Chin 819*7c2fbfb3SApril Chin #define sha512_description "FIPS SHA-512 secure hash algorithm." 820*7c2fbfb3SApril Chin #define sha512_options "\ 821*7c2fbfb3SApril Chin [+(version)?sha-512 (FIPS) 2000-01-01]\ 822*7c2fbfb3SApril Chin [+(author)?Aaron D. Gifford]\ 823*7c2fbfb3SApril Chin " 824*7c2fbfb3SApril Chin #define sha512_match "sha512|sha-512|SHA512|SHA-512" 825*7c2fbfb3SApril Chin #define sha512_scale 0 826*7c2fbfb3SApril Chin 827*7c2fbfb3SApril Chin #define sha512_padding md5_pad 828*7c2fbfb3SApril Chin 829*7c2fbfb3SApril Chin #define SHA512_CTX Sha512_t 830*7c2fbfb3SApril Chin 831*7c2fbfb3SApril Chin typedef struct Sha512_s 832*7c2fbfb3SApril Chin { 833*7c2fbfb3SApril Chin _SUM_PUBLIC_ 834*7c2fbfb3SApril Chin _SUM_PRIVATE_ 835*7c2fbfb3SApril Chin sha2_byte digest[SHA512_DIGEST_LENGTH]; 836*7c2fbfb3SApril Chin sha2_byte digest_sum[SHA512_DIGEST_LENGTH]; 837*7c2fbfb3SApril Chin sha2_word64 state[8]; 838*7c2fbfb3SApril Chin sha2_word64 bitcount[2]; 839*7c2fbfb3SApril Chin sha2_byte buffer[SHA512_BLOCK_LENGTH]; 840*7c2fbfb3SApril Chin } Sha512_t; 841*7c2fbfb3SApril Chin 842*7c2fbfb3SApril Chin #ifdef SHA2_UNROLL_TRANSFORM 843*7c2fbfb3SApril Chin 844*7c2fbfb3SApril Chin /* Unrolled SHA-512 round macros: */ 845*7c2fbfb3SApril Chin #if BYTE_ORDER == LITTLE_ENDIAN 846*7c2fbfb3SApril Chin 847*7c2fbfb3SApril Chin #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 848*7c2fbfb3SApril Chin REVERSE64(*data++, W512[j]); \ 849*7c2fbfb3SApril Chin T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 850*7c2fbfb3SApril Chin K512[j] + W512[j]; \ 851*7c2fbfb3SApril Chin (d) += T1, \ 852*7c2fbfb3SApril Chin (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ 853*7c2fbfb3SApril Chin j++ 854*7c2fbfb3SApril Chin 855*7c2fbfb3SApril Chin 856*7c2fbfb3SApril Chin #else /* BYTE_ORDER == LITTLE_ENDIAN */ 857*7c2fbfb3SApril Chin 858*7c2fbfb3SApril Chin #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 859*7c2fbfb3SApril Chin T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 860*7c2fbfb3SApril Chin K512[j] + (W512[j] = *data++); \ 861*7c2fbfb3SApril Chin (d) += T1; \ 862*7c2fbfb3SApril Chin (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 863*7c2fbfb3SApril Chin j++ 864*7c2fbfb3SApril Chin 865*7c2fbfb3SApril Chin #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 866*7c2fbfb3SApril Chin 867*7c2fbfb3SApril Chin #define ROUND512(a,b,c,d,e,f,g,h) \ 868*7c2fbfb3SApril Chin s0 = W512[(j+1)&0x0f]; \ 869*7c2fbfb3SApril Chin s0 = sigma0_512(s0); \ 870*7c2fbfb3SApril Chin s1 = W512[(j+14)&0x0f]; \ 871*7c2fbfb3SApril Chin s1 = sigma1_512(s1); \ 872*7c2fbfb3SApril Chin T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ 873*7c2fbfb3SApril Chin (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ 874*7c2fbfb3SApril Chin (d) += T1; \ 875*7c2fbfb3SApril Chin (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 876*7c2fbfb3SApril Chin j++ 877*7c2fbfb3SApril Chin 878*7c2fbfb3SApril Chin static void SHA512_Transform(SHA512_CTX* sha, const sha2_word64* data) { 879*7c2fbfb3SApril Chin sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 880*7c2fbfb3SApril Chin sha2_word64 T1, *W512 = (sha2_word64*)sha->buffer; 881*7c2fbfb3SApril Chin int j; 882*7c2fbfb3SApril Chin 883*7c2fbfb3SApril Chin /* Initialize registers with the prev. intermediate value */ 884*7c2fbfb3SApril Chin a = sha->state[0]; 885*7c2fbfb3SApril Chin b = sha->state[1]; 886*7c2fbfb3SApril Chin c = sha->state[2]; 887*7c2fbfb3SApril Chin d = sha->state[3]; 888*7c2fbfb3SApril Chin e = sha->state[4]; 889*7c2fbfb3SApril Chin f = sha->state[5]; 890*7c2fbfb3SApril Chin g = sha->state[6]; 891*7c2fbfb3SApril Chin h = sha->state[7]; 892*7c2fbfb3SApril Chin 893*7c2fbfb3SApril Chin j = 0; 894*7c2fbfb3SApril Chin do { 895*7c2fbfb3SApril Chin ROUND512_0_TO_15(a,b,c,d,e,f,g,h); 896*7c2fbfb3SApril Chin ROUND512_0_TO_15(h,a,b,c,d,e,f,g); 897*7c2fbfb3SApril Chin ROUND512_0_TO_15(g,h,a,b,c,d,e,f); 898*7c2fbfb3SApril Chin ROUND512_0_TO_15(f,g,h,a,b,c,d,e); 899*7c2fbfb3SApril Chin ROUND512_0_TO_15(e,f,g,h,a,b,c,d); 900*7c2fbfb3SApril Chin ROUND512_0_TO_15(d,e,f,g,h,a,b,c); 901*7c2fbfb3SApril Chin ROUND512_0_TO_15(c,d,e,f,g,h,a,b); 902*7c2fbfb3SApril Chin ROUND512_0_TO_15(b,c,d,e,f,g,h,a); 903*7c2fbfb3SApril Chin } while (j < 16); 904*7c2fbfb3SApril Chin 905*7c2fbfb3SApril Chin /* Now for the remaining rounds up to 79: */ 906*7c2fbfb3SApril Chin do { 907*7c2fbfb3SApril Chin ROUND512(a,b,c,d,e,f,g,h); 908*7c2fbfb3SApril Chin ROUND512(h,a,b,c,d,e,f,g); 909*7c2fbfb3SApril Chin ROUND512(g,h,a,b,c,d,e,f); 910*7c2fbfb3SApril Chin ROUND512(f,g,h,a,b,c,d,e); 911*7c2fbfb3SApril Chin ROUND512(e,f,g,h,a,b,c,d); 912*7c2fbfb3SApril Chin ROUND512(d,e,f,g,h,a,b,c); 913*7c2fbfb3SApril Chin ROUND512(c,d,e,f,g,h,a,b); 914*7c2fbfb3SApril Chin ROUND512(b,c,d,e,f,g,h,a); 915*7c2fbfb3SApril Chin } while (j < 80); 916*7c2fbfb3SApril Chin 917*7c2fbfb3SApril Chin /* Compute the current intermediate hash value */ 918*7c2fbfb3SApril Chin sha->state[0] += a; 919*7c2fbfb3SApril Chin sha->state[1] += b; 920*7c2fbfb3SApril Chin sha->state[2] += c; 921*7c2fbfb3SApril Chin sha->state[3] += d; 922*7c2fbfb3SApril Chin sha->state[4] += e; 923*7c2fbfb3SApril Chin sha->state[5] += f; 924*7c2fbfb3SApril Chin sha->state[6] += g; 925*7c2fbfb3SApril Chin sha->state[7] += h; 926*7c2fbfb3SApril Chin 927*7c2fbfb3SApril Chin /* Clean up */ 928*7c2fbfb3SApril Chin a = b = c = d = e = f = g = h = T1 = 0; 929*7c2fbfb3SApril Chin } 930*7c2fbfb3SApril Chin 931*7c2fbfb3SApril Chin #else /* SHA2_UNROLL_TRANSFORM */ 932*7c2fbfb3SApril Chin 933*7c2fbfb3SApril Chin static void SHA512_Transform(SHA512_CTX* sha, const sha2_word64* data) { 934*7c2fbfb3SApril Chin sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 935*7c2fbfb3SApril Chin sha2_word64 T1, T2, *W512 = (sha2_word64*)sha->buffer; 936*7c2fbfb3SApril Chin int j; 937*7c2fbfb3SApril Chin 938*7c2fbfb3SApril Chin /* Initialize registers with the prev. intermediate value */ 939*7c2fbfb3SApril Chin a = sha->state[0]; 940*7c2fbfb3SApril Chin b = sha->state[1]; 941*7c2fbfb3SApril Chin c = sha->state[2]; 942*7c2fbfb3SApril Chin d = sha->state[3]; 943*7c2fbfb3SApril Chin e = sha->state[4]; 944*7c2fbfb3SApril Chin f = sha->state[5]; 945*7c2fbfb3SApril Chin g = sha->state[6]; 946*7c2fbfb3SApril Chin h = sha->state[7]; 947*7c2fbfb3SApril Chin 948*7c2fbfb3SApril Chin j = 0; 949*7c2fbfb3SApril Chin do { 950*7c2fbfb3SApril Chin #if BYTE_ORDER == LITTLE_ENDIAN 951*7c2fbfb3SApril Chin /* Convert TO host byte order */ 952*7c2fbfb3SApril Chin REVERSE64(*data++, W512[j]); 953*7c2fbfb3SApril Chin /* Apply the SHA-512 compression function to update a..h */ 954*7c2fbfb3SApril Chin T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; 955*7c2fbfb3SApril Chin #else /* BYTE_ORDER == LITTLE_ENDIAN */ 956*7c2fbfb3SApril Chin /* Apply the SHA-512 compression function to update a..h with copy */ 957*7c2fbfb3SApril Chin T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); 958*7c2fbfb3SApril Chin #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 959*7c2fbfb3SApril Chin T2 = Sigma0_512(a) + Maj(a, b, c); 960*7c2fbfb3SApril Chin h = g; 961*7c2fbfb3SApril Chin g = f; 962*7c2fbfb3SApril Chin f = e; 963*7c2fbfb3SApril Chin e = d + T1; 964*7c2fbfb3SApril Chin d = c; 965*7c2fbfb3SApril Chin c = b; 966*7c2fbfb3SApril Chin b = a; 967*7c2fbfb3SApril Chin a = T1 + T2; 968*7c2fbfb3SApril Chin 969*7c2fbfb3SApril Chin j++; 970*7c2fbfb3SApril Chin } while (j < 16); 971*7c2fbfb3SApril Chin 972*7c2fbfb3SApril Chin do { 973*7c2fbfb3SApril Chin /* Part of the message block expansion: */ 974*7c2fbfb3SApril Chin s0 = W512[(j+1)&0x0f]; 975*7c2fbfb3SApril Chin s0 = sigma0_512(s0); 976*7c2fbfb3SApril Chin s1 = W512[(j+14)&0x0f]; 977*7c2fbfb3SApril Chin s1 = sigma1_512(s1); 978*7c2fbfb3SApril Chin 979*7c2fbfb3SApril Chin /* Apply the SHA-512 compression function to update a..h */ 980*7c2fbfb3SApril Chin T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + 981*7c2fbfb3SApril Chin (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); 982*7c2fbfb3SApril Chin T2 = Sigma0_512(a) + Maj(a, b, c); 983*7c2fbfb3SApril Chin h = g; 984*7c2fbfb3SApril Chin g = f; 985*7c2fbfb3SApril Chin f = e; 986*7c2fbfb3SApril Chin e = d + T1; 987*7c2fbfb3SApril Chin d = c; 988*7c2fbfb3SApril Chin c = b; 989*7c2fbfb3SApril Chin b = a; 990*7c2fbfb3SApril Chin a = T1 + T2; 991*7c2fbfb3SApril Chin 992*7c2fbfb3SApril Chin j++; 993*7c2fbfb3SApril Chin } while (j < 80); 994*7c2fbfb3SApril Chin 995*7c2fbfb3SApril Chin /* Compute the current intermediate hash value */ 996*7c2fbfb3SApril Chin sha->state[0] += a; 997*7c2fbfb3SApril Chin sha->state[1] += b; 998*7c2fbfb3SApril Chin sha->state[2] += c; 999*7c2fbfb3SApril Chin sha->state[3] += d; 1000*7c2fbfb3SApril Chin sha->state[4] += e; 1001*7c2fbfb3SApril Chin sha->state[5] += f; 1002*7c2fbfb3SApril Chin sha->state[6] += g; 1003*7c2fbfb3SApril Chin sha->state[7] += h; 1004*7c2fbfb3SApril Chin 1005*7c2fbfb3SApril Chin /* Clean up */ 1006*7c2fbfb3SApril Chin a = b = c = d = e = f = g = h = T1 = T2 = 0; 1007*7c2fbfb3SApril Chin } 1008*7c2fbfb3SApril Chin 1009*7c2fbfb3SApril Chin #endif /* SHA2_UNROLL_TRANSFORM */ 1010*7c2fbfb3SApril Chin 1011*7c2fbfb3SApril Chin static int 1012*7c2fbfb3SApril Chin sha512_block(register Sum_t* p, const void* s, size_t len) 1013*7c2fbfb3SApril Chin { 1014*7c2fbfb3SApril Chin Sha512_t* sha = (Sha512_t*)p; 1015*7c2fbfb3SApril Chin sha2_byte* data = (sha2_byte*)s; 1016*7c2fbfb3SApril Chin unsigned int freespace, usedspace; 1017*7c2fbfb3SApril Chin 1018*7c2fbfb3SApril Chin if (!len) 1019*7c2fbfb3SApril Chin return 0; 1020*7c2fbfb3SApril Chin usedspace = (sha->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; 1021*7c2fbfb3SApril Chin if (usedspace > 0) { 1022*7c2fbfb3SApril Chin /* Calculate how much free space is available in the buffer */ 1023*7c2fbfb3SApril Chin freespace = SHA512_BLOCK_LENGTH - usedspace; 1024*7c2fbfb3SApril Chin 1025*7c2fbfb3SApril Chin if (len >= freespace) { 1026*7c2fbfb3SApril Chin /* Fill the buffer completely and process it */ 1027*7c2fbfb3SApril Chin MEMCPY_BCOPY(&sha->buffer[usedspace], data, freespace); 1028*7c2fbfb3SApril Chin ADDINC128(sha->bitcount, freespace << 3); 1029*7c2fbfb3SApril Chin len -= freespace; 1030*7c2fbfb3SApril Chin data += freespace; 1031*7c2fbfb3SApril Chin SHA512_Transform(sha, (sha2_word64*)sha->buffer); 1032*7c2fbfb3SApril Chin } else { 1033*7c2fbfb3SApril Chin /* The buffer is not yet full */ 1034*7c2fbfb3SApril Chin MEMCPY_BCOPY(&sha->buffer[usedspace], data, len); 1035*7c2fbfb3SApril Chin ADDINC128(sha->bitcount, len << 3); 1036*7c2fbfb3SApril Chin /* Clean up: */ 1037*7c2fbfb3SApril Chin usedspace = freespace = 0; 1038*7c2fbfb3SApril Chin return 0; 1039*7c2fbfb3SApril Chin } 1040*7c2fbfb3SApril Chin } 1041*7c2fbfb3SApril Chin while (len >= SHA512_BLOCK_LENGTH) { 1042*7c2fbfb3SApril Chin /* Process as many complete blocks as we can */ 1043*7c2fbfb3SApril Chin SHA512_Transform(sha, (sha2_word64*)data); 1044*7c2fbfb3SApril Chin ADDINC128(sha->bitcount, SHA512_BLOCK_LENGTH << 3); 1045*7c2fbfb3SApril Chin len -= SHA512_BLOCK_LENGTH; 1046*7c2fbfb3SApril Chin data += SHA512_BLOCK_LENGTH; 1047*7c2fbfb3SApril Chin } 1048*7c2fbfb3SApril Chin if (len > 0) { 1049*7c2fbfb3SApril Chin /* There's left-overs, so save 'em */ 1050*7c2fbfb3SApril Chin MEMCPY_BCOPY(sha->buffer, data, len); 1051*7c2fbfb3SApril Chin ADDINC128(sha->bitcount, len << 3); 1052*7c2fbfb3SApril Chin } 1053*7c2fbfb3SApril Chin /* Clean up: */ 1054*7c2fbfb3SApril Chin usedspace = freespace = 0; 1055*7c2fbfb3SApril Chin 1056*7c2fbfb3SApril Chin return 0; 1057*7c2fbfb3SApril Chin } 1058*7c2fbfb3SApril Chin 1059*7c2fbfb3SApril Chin static int 1060*7c2fbfb3SApril Chin sha512_init(Sum_t* p) 1061*7c2fbfb3SApril Chin { 1062*7c2fbfb3SApril Chin register Sha512_t* sha = (Sha512_t*)p; 1063*7c2fbfb3SApril Chin 1064*7c2fbfb3SApril Chin MEMCPY_BCOPY(sha->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH); 1065*7c2fbfb3SApril Chin MEMSET_BZERO(sha->buffer, SHA512_BLOCK_LENGTH); 1066*7c2fbfb3SApril Chin sha->bitcount[0] = sha->bitcount[1] = 0; 1067*7c2fbfb3SApril Chin 1068*7c2fbfb3SApril Chin return 0; 1069*7c2fbfb3SApril Chin } 1070*7c2fbfb3SApril Chin 1071*7c2fbfb3SApril Chin static Sum_t* 1072*7c2fbfb3SApril Chin sha512_open(const Method_t* method, const char* name) 1073*7c2fbfb3SApril Chin { 1074*7c2fbfb3SApril Chin Sha512_t* sha; 1075*7c2fbfb3SApril Chin 1076*7c2fbfb3SApril Chin if (sha = newof(0, Sha512_t, 1, 0)) 1077*7c2fbfb3SApril Chin { 1078*7c2fbfb3SApril Chin sha->method = (Method_t*)method; 1079*7c2fbfb3SApril Chin sha->name = name; 1080*7c2fbfb3SApril Chin sha512_init((Sum_t*)sha); 1081*7c2fbfb3SApril Chin } 1082*7c2fbfb3SApril Chin return (Sum_t*)sha; 1083*7c2fbfb3SApril Chin } 1084*7c2fbfb3SApril Chin 1085*7c2fbfb3SApril Chin static int 1086*7c2fbfb3SApril Chin sha512_done(Sum_t* p) 1087*7c2fbfb3SApril Chin { 1088*7c2fbfb3SApril Chin Sha512_t* sha = (Sha512_t*)p; 1089*7c2fbfb3SApril Chin unsigned int usedspace; 1090*7c2fbfb3SApril Chin register int i; 1091*7c2fbfb3SApril Chin 1092*7c2fbfb3SApril Chin usedspace = (sha->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; 1093*7c2fbfb3SApril Chin #if BYTE_ORDER == LITTLE_ENDIAN 1094*7c2fbfb3SApril Chin /* Convert FROM host byte order */ 1095*7c2fbfb3SApril Chin REVERSE64(sha->bitcount[0],sha->bitcount[0]); 1096*7c2fbfb3SApril Chin REVERSE64(sha->bitcount[1],sha->bitcount[1]); 1097*7c2fbfb3SApril Chin #endif 1098*7c2fbfb3SApril Chin if (usedspace > 0) { 1099*7c2fbfb3SApril Chin /* Begin padding with a 1 bit: */ 1100*7c2fbfb3SApril Chin sha->buffer[usedspace++] = 0x80; 1101*7c2fbfb3SApril Chin 1102*7c2fbfb3SApril Chin if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { 1103*7c2fbfb3SApril Chin /* Set-up for the last transform: */ 1104*7c2fbfb3SApril Chin MEMSET_BZERO(&sha->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace); 1105*7c2fbfb3SApril Chin } else { 1106*7c2fbfb3SApril Chin if (usedspace < SHA512_BLOCK_LENGTH) { 1107*7c2fbfb3SApril Chin MEMSET_BZERO(&sha->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace); 1108*7c2fbfb3SApril Chin } 1109*7c2fbfb3SApril Chin /* Do second-to-last transform: */ 1110*7c2fbfb3SApril Chin SHA512_Transform(sha, (sha2_word64*)sha->buffer); 1111*7c2fbfb3SApril Chin 1112*7c2fbfb3SApril Chin /* And set-up for the last transform: */ 1113*7c2fbfb3SApril Chin MEMSET_BZERO(sha->buffer, SHA512_BLOCK_LENGTH - 2); 1114*7c2fbfb3SApril Chin } 1115*7c2fbfb3SApril Chin } else { 1116*7c2fbfb3SApril Chin /* Prepare for final transform: */ 1117*7c2fbfb3SApril Chin MEMSET_BZERO(sha->buffer, SHA512_SHORT_BLOCK_LENGTH); 1118*7c2fbfb3SApril Chin 1119*7c2fbfb3SApril Chin /* Begin padding with a 1 bit: */ 1120*7c2fbfb3SApril Chin *sha->buffer = 0x80; 1121*7c2fbfb3SApril Chin } 1122*7c2fbfb3SApril Chin /* Store the length of input data (in bits): */ 1123*7c2fbfb3SApril Chin *(sha2_word64*)&sha->buffer[SHA512_SHORT_BLOCK_LENGTH] = sha->bitcount[1]; 1124*7c2fbfb3SApril Chin *(sha2_word64*)&sha->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = sha->bitcount[0]; 1125*7c2fbfb3SApril Chin 1126*7c2fbfb3SApril Chin /* Final transform: */ 1127*7c2fbfb3SApril Chin SHA512_Transform(sha, (sha2_word64*)sha->buffer); 1128*7c2fbfb3SApril Chin 1129*7c2fbfb3SApril Chin #if BYTE_ORDER == LITTLE_ENDIAN 1130*7c2fbfb3SApril Chin { 1131*7c2fbfb3SApril Chin /* Convert TO host byte order */ 1132*7c2fbfb3SApril Chin sha2_word64* d = (sha2_word64*)sha->digest; 1133*7c2fbfb3SApril Chin int j; 1134*7c2fbfb3SApril Chin for (j = 0; j < 8; j++) { 1135*7c2fbfb3SApril Chin REVERSE64(sha->state[j],sha->state[j]); 1136*7c2fbfb3SApril Chin *d++ = sha->state[j]; 1137*7c2fbfb3SApril Chin } 1138*7c2fbfb3SApril Chin } 1139*7c2fbfb3SApril Chin #else 1140*7c2fbfb3SApril Chin MEMCPY_BCOPY(sha->digest, sha->state, SHA512_DIGEST_LENGTH); 1141*7c2fbfb3SApril Chin #endif 1142*7c2fbfb3SApril Chin 1143*7c2fbfb3SApril Chin /* accumulate the digests */ 1144*7c2fbfb3SApril Chin for (i = 0; i < SHA512_DIGEST_LENGTH; i++) 1145*7c2fbfb3SApril Chin sha->digest_sum[i] ^= sha->digest[i]; 1146*7c2fbfb3SApril Chin 1147*7c2fbfb3SApril Chin /* Clean up state data: */ 1148*7c2fbfb3SApril Chin MEMSET_BZERO(&sha->state, sizeof(*sha) - offsetof(Sha512_t, state)); 1149*7c2fbfb3SApril Chin usedspace = 0; 1150*7c2fbfb3SApril Chin 1151*7c2fbfb3SApril Chin return 0; 1152*7c2fbfb3SApril Chin } 1153*7c2fbfb3SApril Chin 1154*7c2fbfb3SApril Chin static int 1155*7c2fbfb3SApril Chin sha512_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 1156*7c2fbfb3SApril Chin { 1157*7c2fbfb3SApril Chin register Sha512_t* sha = (Sha512_t*)p; 1158*7c2fbfb3SApril Chin register sha2_byte* d; 1159*7c2fbfb3SApril Chin register sha2_byte* e; 1160*7c2fbfb3SApril Chin 1161*7c2fbfb3SApril Chin d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 1162*7c2fbfb3SApril Chin e = d + SHA512_DIGEST_LENGTH; 1163*7c2fbfb3SApril Chin while (d < e) 1164*7c2fbfb3SApril Chin sfprintf(sp, "%02x", *d++); 1165*7c2fbfb3SApril Chin return 0; 1166*7c2fbfb3SApril Chin } 1167*7c2fbfb3SApril Chin 1168*7c2fbfb3SApril Chin static int 1169*7c2fbfb3SApril Chin sha512_data(Sum_t* p, Sumdata_t* data) 1170*7c2fbfb3SApril Chin { 1171*7c2fbfb3SApril Chin register Sha512_t* sha = (Sha512_t*)p; 1172*7c2fbfb3SApril Chin 1173*7c2fbfb3SApril Chin data->size = SHA512_DIGEST_LENGTH; 1174*7c2fbfb3SApril Chin data->num = 0; 1175*7c2fbfb3SApril Chin data->buf = sha->digest; 1176*7c2fbfb3SApril Chin return 0; 1177*7c2fbfb3SApril Chin } 1178*7c2fbfb3SApril Chin 1179*7c2fbfb3SApril Chin /*** SHA-384: *********************************************************/ 1180*7c2fbfb3SApril Chin 1181*7c2fbfb3SApril Chin #define sha384_description "FIPS SHA-384 secure hash algorithm." 1182*7c2fbfb3SApril Chin #define sha384_options "\ 1183*7c2fbfb3SApril Chin [+(version)?sha-384 (FIPS) 2000-01-01]\ 1184*7c2fbfb3SApril Chin [+(author)?Aaron D. Gifford]\ 1185*7c2fbfb3SApril Chin " 1186*7c2fbfb3SApril Chin #define sha384_match "sha384|sha-384|SHA384|SHA-384" 1187*7c2fbfb3SApril Chin #define sha384_scale 0 1188*7c2fbfb3SApril Chin #define sha384_block sha512_block 1189*7c2fbfb3SApril Chin #define sha384_done sha512_done 1190*7c2fbfb3SApril Chin 1191*7c2fbfb3SApril Chin #define sha384_padding md5_pad 1192*7c2fbfb3SApril Chin 1193*7c2fbfb3SApril Chin #define Sha384_t Sha512_t 1194*7c2fbfb3SApril Chin #define SHA384_CTX Sha384_t 1195*7c2fbfb3SApril Chin #define SHA384_DIGEST_LENGTH 48 1196*7c2fbfb3SApril Chin 1197*7c2fbfb3SApril Chin static int 1198*7c2fbfb3SApril Chin sha384_init(Sum_t* p) 1199*7c2fbfb3SApril Chin { 1200*7c2fbfb3SApril Chin register Sha384_t* sha = (Sha384_t*)p; 1201*7c2fbfb3SApril Chin 1202*7c2fbfb3SApril Chin MEMCPY_BCOPY(sha->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH); 1203*7c2fbfb3SApril Chin MEMSET_BZERO(sha->buffer, SHA384_BLOCK_LENGTH); 1204*7c2fbfb3SApril Chin sha->bitcount[0] = sha->bitcount[1] = 0; 1205*7c2fbfb3SApril Chin 1206*7c2fbfb3SApril Chin return 0; 1207*7c2fbfb3SApril Chin } 1208*7c2fbfb3SApril Chin 1209*7c2fbfb3SApril Chin static Sum_t* 1210*7c2fbfb3SApril Chin sha384_open(const Method_t* method, const char* name) 1211*7c2fbfb3SApril Chin { 1212*7c2fbfb3SApril Chin Sha384_t* sha; 1213*7c2fbfb3SApril Chin 1214*7c2fbfb3SApril Chin if (sha = newof(0, Sha384_t, 1, 0)) 1215*7c2fbfb3SApril Chin { 1216*7c2fbfb3SApril Chin sha->method = (Method_t*)method; 1217*7c2fbfb3SApril Chin sha->name = name; 1218*7c2fbfb3SApril Chin sha384_init((Sum_t*)sha); 1219*7c2fbfb3SApril Chin } 1220*7c2fbfb3SApril Chin return (Sum_t*)sha; 1221*7c2fbfb3SApril Chin } 1222*7c2fbfb3SApril Chin 1223*7c2fbfb3SApril Chin static int 1224*7c2fbfb3SApril Chin sha384_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale) 1225*7c2fbfb3SApril Chin { 1226*7c2fbfb3SApril Chin register Sha384_t* sha = (Sha384_t*)p; 1227*7c2fbfb3SApril Chin register sha2_byte* d; 1228*7c2fbfb3SApril Chin register sha2_byte* e; 1229*7c2fbfb3SApril Chin 1230*7c2fbfb3SApril Chin d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest; 1231*7c2fbfb3SApril Chin e = d + SHA384_DIGEST_LENGTH; 1232*7c2fbfb3SApril Chin while (d < e) 1233*7c2fbfb3SApril Chin sfprintf(sp, "%02x", *d++); 1234*7c2fbfb3SApril Chin return 0; 1235*7c2fbfb3SApril Chin } 1236*7c2fbfb3SApril Chin 1237*7c2fbfb3SApril Chin static int 1238*7c2fbfb3SApril Chin sha384_data(Sum_t* p, Sumdata_t* data) 1239*7c2fbfb3SApril Chin { 1240*7c2fbfb3SApril Chin register Sha384_t* sha = (Sha384_t*)p; 1241*7c2fbfb3SApril Chin 1242*7c2fbfb3SApril Chin data->size = SHA384_DIGEST_LENGTH; 1243*7c2fbfb3SApril Chin data->num = 0; 1244*7c2fbfb3SApril Chin data->buf = sha->digest; 1245*7c2fbfb3SApril Chin return 0; 1246*7c2fbfb3SApril Chin } 1247*7c2fbfb3SApril Chin 1248*7c2fbfb3SApril Chin #endif /* _typ_int64_t */ 1249