Ruby 1.9.3p327(2012-11-10revision37606)
|
00001 /* 00002 * FILE: sha2.c 00003 * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/ 00004 * 00005 * Copyright (c) 2000-2001, Aaron D. Gifford 00006 * All rights reserved. 00007 * 00008 * Redistribution and use in source and binary forms, with or without 00009 * modification, are permitted provided that the following conditions 00010 * are met: 00011 * 1. Redistributions of source code must retain the above copyright 00012 * notice, this list of conditions and the following disclaimer. 00013 * 2. Redistributions in binary form must reproduce the above copyright 00014 * notice, this list of conditions and the following disclaimer in the 00015 * documentation and/or other materials provided with the distribution. 00016 * 3. Neither the name of the copyright holder nor the names of contributors 00017 * may be used to endorse or promote products derived from this software 00018 * without specific prior written permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND 00021 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 00022 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 00023 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE 00024 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 00025 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 00026 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 00027 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 00028 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 00029 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 00030 * SUCH DAMAGE. 00031 * 00032 * $OrigId: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ 00033 * $RoughId: sha2.c,v 1.3 2002/02/26 22:03:36 knu Exp $ 00034 * $Id: sha2.c 32547 2011-07-15 03:05:23Z nahi $ 00035 */ 00036 00037 #include "defs.h" 00038 #include <string.h> /* memcpy()/memset() or bcopy()/bzero() */ 00039 #include <assert.h> /* assert() */ 00040 #include "sha2.h" 00041 00042 /* 00043 * ASSERT NOTE: 00044 * Some sanity checking code is included using assert(). On my FreeBSD 00045 * system, this additional code can be removed by compiling with NDEBUG 00046 * defined. Check your own systems manpage on assert() to see how to 00047 * compile WITHOUT the sanity checking code on your system. 00048 * 00049 * UNROLLED TRANSFORM LOOP NOTE: 00050 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform 00051 * loop version for the hash transform rounds (defined using macros 00052 * later in this file). Either define on the command line, for example: 00053 * 00054 * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c 00055 * 00056 * or define below: 00057 * 00058 * #define SHA2_UNROLL_TRANSFORM 00059 * 00060 */ 00061 00062 00063 /*** SHA-256/384/512 Machine Architecture Definitions *****************/ 00064 /* 00065 * BYTE_ORDER NOTE: 00066 * 00067 * Please make sure that your system defines BYTE_ORDER. If your 00068 * architecture is little-endian, make sure it also defines 00069 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are 00070 * equivilent. 00071 * 00072 * If your system does not define the above, then you can do so by 00073 * hand like this: 00074 * 00075 * #define LITTLE_ENDIAN 1234 00076 * #define BIG_ENDIAN 4321 00077 * 00078 * And for little-endian machines, add: 00079 * 00080 * #define BYTE_ORDER LITTLE_ENDIAN 00081 * 00082 * Or for big-endian machines: 00083 * 00084 * #define BYTE_ORDER BIG_ENDIAN 00085 * 00086 * The FreeBSD machine this was written on defines BYTE_ORDER 00087 * appropriately by including <sys/types.h> (which in turn includes 00088 * <machine/endian.h> where the appropriate definitions are actually 00089 * made). 00090 */ 00091 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 00092 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 00093 #endif 00094 00095 /* 00096 * Define the followingsha2_* types to types of the correct length on 00097 * the native archtecture. Most BSD systems and Linux define u_intXX_t 00098 * types. Machines with very recent ANSI C headers, can use the 00099 * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H 00100 * during compile or in the sha.h header file. 00101 * 00102 * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t 00103 * will need to define these three typedefs below (and the appropriate 00104 * ones in sha.h too) by hand according to their system architecture. 00105 * 00106 * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t 00107 * types and pointing out recent ANSI C support for uintXX_t in inttypes.h. 00108 */ 00109 #ifdef SHA2_USE_INTTYPES_H 00110 00111 typedef uint8_t sha2_byte; /* Exactly 1 byte */ 00112 typedef uint32_t sha2_word32; /* Exactly 4 bytes */ 00113 typedef uint64_t sha2_word64; /* Exactly 8 bytes */ 00114 00115 #else /* SHA2_USE_INTTYPES_H */ 00116 00117 typedef u_int8_t sha2_byte; /* Exactly 1 byte */ 00118 typedef u_int32_t sha2_word32; /* Exactly 4 bytes */ 00119 typedef u_int64_t sha2_word64; /* Exactly 8 bytes */ 00120 00121 #endif /* SHA2_USE_INTTYPES_H */ 00122 00123 00124 /*** SHA-256/384/512 Various Length Definitions ***********************/ 00125 /* NOTE: Most of these are in sha2.h */ 00126 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) 00127 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) 00128 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) 00129 00130 00131 #if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || defined(__GNUC__) || defined(_HPUX_SOURCE) || defined(__IBMC__) 00132 #define ULL(number) number##ULL 00133 #else 00134 #define ULL(number) (uint64_t)(number) 00135 #endif 00136 /*** ENDIAN REVERSAL MACROS *******************************************/ 00137 #if BYTE_ORDER == LITTLE_ENDIAN 00138 #define REVERSE32(w,x) { \ 00139 sha2_word32 tmp = (w); \ 00140 tmp = (tmp >> 16) | (tmp << 16); \ 00141 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ 00142 } 00143 #define REVERSE64(w,x) { \ 00144 sha2_word64 tmp = (w); \ 00145 tmp = (tmp >> 32) | (tmp << 32); \ 00146 tmp = ((tmp & ULL(0xff00ff00ff00ff00)) >> 8) | \ 00147 ((tmp & ULL(0x00ff00ff00ff00ff)) << 8); \ 00148 (x) = ((tmp & ULL(0xffff0000ffff0000)) >> 16) | \ 00149 ((tmp & ULL(0x0000ffff0000ffff)) << 16); \ 00150 } 00151 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 00152 00153 /* 00154 * Macro for incrementally adding the unsigned 64-bit integer n to the 00155 * unsigned 128-bit integer (represented using a two-element array of 00156 * 64-bit words): 00157 */ 00158 #define ADDINC128(w,n) { \ 00159 (w)[0] += (sha2_word64)(n); \ 00160 if ((w)[0] < (n)) { \ 00161 (w)[1]++; \ 00162 } \ 00163 } 00164 00165 /* 00166 * Macros for copying blocks of memory and for zeroing out ranges 00167 * of memory. Using these macros makes it easy to switch from 00168 * using memset()/memcpy() and using bzero()/bcopy(). 00169 * 00170 * Please define either SHA2_USE_MEMSET_MEMCPY or define 00171 * SHA2_USE_BZERO_BCOPY depending on which function set you 00172 * choose to use: 00173 */ 00174 #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY) 00175 /* Default to memset()/memcpy() if no option is specified */ 00176 #define SHA2_USE_MEMSET_MEMCPY 1 00177 #endif 00178 #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY) 00179 /* Abort with an error if BOTH options are defined */ 00180 #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both! 00181 #endif 00182 00183 #ifdef SHA2_USE_MEMSET_MEMCPY 00184 #define MEMSET_BZERO(p,l) memset((p), 0, (l)) 00185 #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) 00186 #endif 00187 #ifdef SHA2_USE_BZERO_BCOPY 00188 #define MEMSET_BZERO(p,l) bzero((p), (l)) 00189 #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) 00190 #endif 00191 00192 00193 /*** THE SIX LOGICAL FUNCTIONS ****************************************/ 00194 /* 00195 * Bit shifting and rotation (used by the six SHA-XYZ logical functions: 00196 * 00197 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and 00198 * S is a ROTATION) because the SHA-256/384/512 description document 00199 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this 00200 * same "backwards" definition. 00201 */ 00202 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ 00203 #define R(b,x) ((x) >> (b)) 00204 /* 32-bit Rotate-right (used in SHA-256): */ 00205 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) 00206 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ 00207 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) 00208 00209 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ 00210 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 00211 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 00212 00213 /* Four of six logical functions used in SHA-256: */ 00214 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) 00215 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) 00216 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) 00217 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) 00218 00219 /* Four of six logical functions used in SHA-384 and SHA-512: */ 00220 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) 00221 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) 00222 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) 00223 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) 00224 00225 /*** INTERNAL FUNCTION PROTOTYPES *************************************/ 00226 /* NOTE: These should not be accessed directly from outside this 00227 * library -- they are intended for private internal visibility/use 00228 * only. 00229 */ 00230 void SHA512_Last(SHA512_CTX*); 00231 void SHA256_Transform(SHA256_CTX*, const sha2_word32*); 00232 void SHA512_Transform(SHA512_CTX*, const sha2_word64*); 00233 00234 00235 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ 00236 /* Hash constant words K for SHA-256: */ 00237 static const sha2_word32 K256[64] = { 00238 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 00239 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 00240 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 00241 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 00242 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 00243 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 00244 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 00245 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 00246 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 00247 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 00248 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 00249 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 00250 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 00251 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 00252 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 00253 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 00254 }; 00255 00256 /* Initial hash value H for SHA-256: */ 00257 static const sha2_word32 sha256_initial_hash_value[8] = { 00258 0x6a09e667UL, 00259 0xbb67ae85UL, 00260 0x3c6ef372UL, 00261 0xa54ff53aUL, 00262 0x510e527fUL, 00263 0x9b05688cUL, 00264 0x1f83d9abUL, 00265 0x5be0cd19UL 00266 }; 00267 00268 /* Hash constant words K for SHA-384 and SHA-512: */ 00269 static const sha2_word64 K512[80] = { 00270 ULL(0x428a2f98d728ae22), ULL(0x7137449123ef65cd), 00271 ULL(0xb5c0fbcfec4d3b2f), ULL(0xe9b5dba58189dbbc), 00272 ULL(0x3956c25bf348b538), ULL(0x59f111f1b605d019), 00273 ULL(0x923f82a4af194f9b), ULL(0xab1c5ed5da6d8118), 00274 ULL(0xd807aa98a3030242), ULL(0x12835b0145706fbe), 00275 ULL(0x243185be4ee4b28c), ULL(0x550c7dc3d5ffb4e2), 00276 ULL(0x72be5d74f27b896f), ULL(0x80deb1fe3b1696b1), 00277 ULL(0x9bdc06a725c71235), ULL(0xc19bf174cf692694), 00278 ULL(0xe49b69c19ef14ad2), ULL(0xefbe4786384f25e3), 00279 ULL(0x0fc19dc68b8cd5b5), ULL(0x240ca1cc77ac9c65), 00280 ULL(0x2de92c6f592b0275), ULL(0x4a7484aa6ea6e483), 00281 ULL(0x5cb0a9dcbd41fbd4), ULL(0x76f988da831153b5), 00282 ULL(0x983e5152ee66dfab), ULL(0xa831c66d2db43210), 00283 ULL(0xb00327c898fb213f), ULL(0xbf597fc7beef0ee4), 00284 ULL(0xc6e00bf33da88fc2), ULL(0xd5a79147930aa725), 00285 ULL(0x06ca6351e003826f), ULL(0x142929670a0e6e70), 00286 ULL(0x27b70a8546d22ffc), ULL(0x2e1b21385c26c926), 00287 ULL(0x4d2c6dfc5ac42aed), ULL(0x53380d139d95b3df), 00288 ULL(0x650a73548baf63de), ULL(0x766a0abb3c77b2a8), 00289 ULL(0x81c2c92e47edaee6), ULL(0x92722c851482353b), 00290 ULL(0xa2bfe8a14cf10364), ULL(0xa81a664bbc423001), 00291 ULL(0xc24b8b70d0f89791), ULL(0xc76c51a30654be30), 00292 ULL(0xd192e819d6ef5218), ULL(0xd69906245565a910), 00293 ULL(0xf40e35855771202a), ULL(0x106aa07032bbd1b8), 00294 ULL(0x19a4c116b8d2d0c8), ULL(0x1e376c085141ab53), 00295 ULL(0x2748774cdf8eeb99), ULL(0x34b0bcb5e19b48a8), 00296 ULL(0x391c0cb3c5c95a63), ULL(0x4ed8aa4ae3418acb), 00297 ULL(0x5b9cca4f7763e373), ULL(0x682e6ff3d6b2b8a3), 00298 ULL(0x748f82ee5defb2fc), ULL(0x78a5636f43172f60), 00299 ULL(0x84c87814a1f0ab72), ULL(0x8cc702081a6439ec), 00300 ULL(0x90befffa23631e28), ULL(0xa4506cebde82bde9), 00301 ULL(0xbef9a3f7b2c67915), ULL(0xc67178f2e372532b), 00302 ULL(0xca273eceea26619c), ULL(0xd186b8c721c0c207), 00303 ULL(0xeada7dd6cde0eb1e), ULL(0xf57d4f7fee6ed178), 00304 ULL(0x06f067aa72176fba), ULL(0x0a637dc5a2c898a6), 00305 ULL(0x113f9804bef90dae), ULL(0x1b710b35131c471b), 00306 ULL(0x28db77f523047d84), ULL(0x32caab7b40c72493), 00307 ULL(0x3c9ebe0a15c9bebc), ULL(0x431d67c49c100d4c), 00308 ULL(0x4cc5d4becb3e42b6), ULL(0x597f299cfc657e2a), 00309 ULL(0x5fcb6fab3ad6faec), ULL(0x6c44198c4a475817) 00310 }; 00311 00312 /* Initial hash value H for SHA-384 */ 00313 static const sha2_word64 sha384_initial_hash_value[8] = { 00314 ULL(0xcbbb9d5dc1059ed8), 00315 ULL(0x629a292a367cd507), 00316 ULL(0x9159015a3070dd17), 00317 ULL(0x152fecd8f70e5939), 00318 ULL(0x67332667ffc00b31), 00319 ULL(0x8eb44a8768581511), 00320 ULL(0xdb0c2e0d64f98fa7), 00321 ULL(0x47b5481dbefa4fa4) 00322 }; 00323 00324 /* Initial hash value H for SHA-512 */ 00325 static const sha2_word64 sha512_initial_hash_value[8] = { 00326 ULL(0x6a09e667f3bcc908), 00327 ULL(0xbb67ae8584caa73b), 00328 ULL(0x3c6ef372fe94f82b), 00329 ULL(0xa54ff53a5f1d36f1), 00330 ULL(0x510e527fade682d1), 00331 ULL(0x9b05688c2b3e6c1f), 00332 ULL(0x1f83d9abfb41bd6b), 00333 ULL(0x5be0cd19137e2179) 00334 }; 00335 00336 /* 00337 * Constant used by SHA256/384/512_End() functions for converting the 00338 * digest to a readable hexadecimal character string: 00339 */ 00340 static const char *sha2_hex_digits = "0123456789abcdef"; 00341 00342 00343 /*** SHA-256: *********************************************************/ 00344 void SHA256_Init(SHA256_CTX* context) { 00345 if (context == (SHA256_CTX*)0) { 00346 return; 00347 } 00348 MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH); 00349 MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH); 00350 context->bitcount = 0; 00351 } 00352 00353 #ifdef SHA2_UNROLL_TRANSFORM 00354 00355 /* Unrolled SHA-256 round macros: */ 00356 00357 #if BYTE_ORDER == LITTLE_ENDIAN 00358 00359 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 00360 REVERSE32(*data++, W256[j]); \ 00361 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 00362 K256[j] + W256[j]; \ 00363 (d) += T1; \ 00364 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 00365 j++ 00366 00367 00368 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 00369 00370 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 00371 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 00372 K256[j] + (W256[j] = *data++); \ 00373 (d) += T1; \ 00374 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 00375 j++ 00376 00377 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 00378 00379 #define ROUND256(a,b,c,d,e,f,g,h) \ 00380 s0 = W256[(j+1)&0x0f]; \ 00381 s0 = sigma0_256(s0); \ 00382 s1 = W256[(j+14)&0x0f]; \ 00383 s1 = sigma1_256(s1); \ 00384 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ 00385 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ 00386 (d) += T1; \ 00387 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 00388 j++ 00389 00390 void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) { 00391 sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 00392 sha2_word32 T1, *W256; 00393 int j; 00394 00395 W256 = (sha2_word32*)context->buffer; 00396 00397 /* Initialize registers with the prev. intermediate value */ 00398 a = context->state[0]; 00399 b = context->state[1]; 00400 c = context->state[2]; 00401 d = context->state[3]; 00402 e = context->state[4]; 00403 f = context->state[5]; 00404 g = context->state[6]; 00405 h = context->state[7]; 00406 00407 j = 0; 00408 do { 00409 /* Rounds 0 to 15 (unrolled): */ 00410 ROUND256_0_TO_15(a,b,c,d,e,f,g,h); 00411 ROUND256_0_TO_15(h,a,b,c,d,e,f,g); 00412 ROUND256_0_TO_15(g,h,a,b,c,d,e,f); 00413 ROUND256_0_TO_15(f,g,h,a,b,c,d,e); 00414 ROUND256_0_TO_15(e,f,g,h,a,b,c,d); 00415 ROUND256_0_TO_15(d,e,f,g,h,a,b,c); 00416 ROUND256_0_TO_15(c,d,e,f,g,h,a,b); 00417 ROUND256_0_TO_15(b,c,d,e,f,g,h,a); 00418 } while (j < 16); 00419 00420 /* Now for the remaining rounds to 64: */ 00421 do { 00422 ROUND256(a,b,c,d,e,f,g,h); 00423 ROUND256(h,a,b,c,d,e,f,g); 00424 ROUND256(g,h,a,b,c,d,e,f); 00425 ROUND256(f,g,h,a,b,c,d,e); 00426 ROUND256(e,f,g,h,a,b,c,d); 00427 ROUND256(d,e,f,g,h,a,b,c); 00428 ROUND256(c,d,e,f,g,h,a,b); 00429 ROUND256(b,c,d,e,f,g,h,a); 00430 } while (j < 64); 00431 00432 /* Compute the current intermediate hash value */ 00433 context->state[0] += a; 00434 context->state[1] += b; 00435 context->state[2] += c; 00436 context->state[3] += d; 00437 context->state[4] += e; 00438 context->state[5] += f; 00439 context->state[6] += g; 00440 context->state[7] += h; 00441 00442 /* Clean up */ 00443 a = b = c = d = e = f = g = h = T1 = 0; 00444 } 00445 00446 #else /* SHA2_UNROLL_TRANSFORM */ 00447 00448 void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) { 00449 sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 00450 sha2_word32 T1, T2, *W256; 00451 int j; 00452 00453 W256 = (sha2_word32*)context->buffer; 00454 00455 /* Initialize registers with the prev. intermediate value */ 00456 a = context->state[0]; 00457 b = context->state[1]; 00458 c = context->state[2]; 00459 d = context->state[3]; 00460 e = context->state[4]; 00461 f = context->state[5]; 00462 g = context->state[6]; 00463 h = context->state[7]; 00464 00465 j = 0; 00466 do { 00467 #if BYTE_ORDER == LITTLE_ENDIAN 00468 /* Copy data while converting to host byte order */ 00469 REVERSE32(*data++,W256[j]); 00470 /* Apply the SHA-256 compression function to update a..h */ 00471 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; 00472 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 00473 /* Apply the SHA-256 compression function to update a..h with copy */ 00474 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); 00475 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 00476 T2 = Sigma0_256(a) + Maj(a, b, c); 00477 h = g; 00478 g = f; 00479 f = e; 00480 e = d + T1; 00481 d = c; 00482 c = b; 00483 b = a; 00484 a = T1 + T2; 00485 00486 j++; 00487 } while (j < 16); 00488 00489 do { 00490 /* Part of the message block expansion: */ 00491 s0 = W256[(j+1)&0x0f]; 00492 s0 = sigma0_256(s0); 00493 s1 = W256[(j+14)&0x0f]; 00494 s1 = sigma1_256(s1); 00495 00496 /* Apply the SHA-256 compression function to update a..h */ 00497 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 00498 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); 00499 T2 = Sigma0_256(a) + Maj(a, b, c); 00500 h = g; 00501 g = f; 00502 f = e; 00503 e = d + T1; 00504 d = c; 00505 c = b; 00506 b = a; 00507 a = T1 + T2; 00508 00509 j++; 00510 } while (j < 64); 00511 00512 /* Compute the current intermediate hash value */ 00513 context->state[0] += a; 00514 context->state[1] += b; 00515 context->state[2] += c; 00516 context->state[3] += d; 00517 context->state[4] += e; 00518 context->state[5] += f; 00519 context->state[6] += g; 00520 context->state[7] += h; 00521 00522 /* Clean up */ 00523 a = b = c = d = e = f = g = h = T1 = T2 = 0; 00524 } 00525 00526 #endif /* SHA2_UNROLL_TRANSFORM */ 00527 00528 void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) { 00529 unsigned int freespace, usedspace; 00530 00531 if (len == 0) { 00532 /* Calling with no data is valid - we do nothing */ 00533 return; 00534 } 00535 00536 /* Sanity check: */ 00537 assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0); 00538 00539 usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH); 00540 if (usedspace > 0) { 00541 /* Calculate how much free space is available in the buffer */ 00542 freespace = SHA256_BLOCK_LENGTH - usedspace; 00543 00544 if (len >= freespace) { 00545 /* Fill the buffer completely and process it */ 00546 MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); 00547 context->bitcount += freespace << 3; 00548 len -= freespace; 00549 data += freespace; 00550 SHA256_Transform(context, (sha2_word32*)context->buffer); 00551 } else { 00552 /* The buffer is not yet full */ 00553 MEMCPY_BCOPY(&context->buffer[usedspace], data, len); 00554 context->bitcount += len << 3; 00555 /* Clean up: */ 00556 usedspace = freespace = 0; 00557 return; 00558 } 00559 } 00560 while (len >= SHA256_BLOCK_LENGTH) { 00561 /* Process as many complete blocks as we can */ 00562 MEMCPY_BCOPY(context->buffer, data, SHA256_BLOCK_LENGTH); 00563 SHA256_Transform(context, (sha2_word32*)context->buffer); 00564 context->bitcount += SHA256_BLOCK_LENGTH << 3; 00565 len -= SHA256_BLOCK_LENGTH; 00566 data += SHA256_BLOCK_LENGTH; 00567 } 00568 if (len > 0) { 00569 /* There's left-overs, so save 'em */ 00570 MEMCPY_BCOPY(context->buffer, data, len); 00571 context->bitcount += len << 3; 00572 } 00573 /* Clean up: */ 00574 usedspace = freespace = 0; 00575 } 00576 00577 void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) { 00578 sha2_word32 *d = (sha2_word32*)digest; 00579 unsigned int usedspace; 00580 00581 /* Sanity check: */ 00582 assert(context != (SHA256_CTX*)0); 00583 00584 /* If no digest buffer is passed, we don't bother doing this: */ 00585 if (digest != (sha2_byte*)0) { 00586 usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH); 00587 #if BYTE_ORDER == LITTLE_ENDIAN 00588 /* Convert FROM host byte order */ 00589 REVERSE64(context->bitcount,context->bitcount); 00590 #endif 00591 if (usedspace > 0) { 00592 /* Begin padding with a 1 bit: */ 00593 context->buffer[usedspace++] = 0x80; 00594 00595 if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { 00596 /* Set-up for the last transform: */ 00597 MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace); 00598 } else { 00599 if (usedspace < SHA256_BLOCK_LENGTH) { 00600 MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace); 00601 } 00602 /* Do second-to-last transform: */ 00603 SHA256_Transform(context, (sha2_word32*)context->buffer); 00604 00605 /* And set-up for the last transform: */ 00606 MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH); 00607 } 00608 } else { 00609 /* Set-up for the last transform: */ 00610 MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH); 00611 00612 /* Begin padding with a 1 bit: */ 00613 *context->buffer = 0x80; 00614 } 00615 /* Set the bit count: */ 00616 *(sha2_word64*)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount; 00617 00618 /* Final transform: */ 00619 SHA256_Transform(context, (sha2_word32*)context->buffer); 00620 00621 #if BYTE_ORDER == LITTLE_ENDIAN 00622 { 00623 /* Convert TO host byte order */ 00624 int j; 00625 for (j = 0; j < 8; j++) { 00626 REVERSE32(context->state[j],context->state[j]); 00627 *d++ = context->state[j]; 00628 } 00629 } 00630 #else 00631 MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH); 00632 #endif 00633 } 00634 00635 /* Clean up state data: */ 00636 MEMSET_BZERO(context, sizeof(context)); 00637 usedspace = 0; 00638 } 00639 00640 char *SHA256_End(SHA256_CTX* context, char buffer[]) { 00641 sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest; 00642 int i; 00643 00644 /* Sanity check: */ 00645 assert(context != (SHA256_CTX*)0); 00646 00647 if (buffer != (char*)0) { 00648 SHA256_Final(digest, context); 00649 for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { 00650 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 00651 *buffer++ = sha2_hex_digits[*d & 0x0f]; 00652 d++; 00653 } 00654 *buffer = (char)0; 00655 } else { 00656 MEMSET_BZERO(context, sizeof(context)); 00657 } 00658 MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH); 00659 return buffer; 00660 } 00661 00662 char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) { 00663 SHA256_CTX context; 00664 00665 SHA256_Init(&context); 00666 SHA256_Update(&context, data, len); 00667 return SHA256_End(&context, digest); 00668 } 00669 00670 00671 /*** SHA-512: *********************************************************/ 00672 void SHA512_Init(SHA512_CTX* context) { 00673 if (context == (SHA512_CTX*)0) { 00674 return; 00675 } 00676 MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH); 00677 MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH); 00678 context->bitcount[0] = context->bitcount[1] = 0; 00679 } 00680 00681 #ifdef SHA2_UNROLL_TRANSFORM 00682 00683 /* Unrolled SHA-512 round macros: */ 00684 #if BYTE_ORDER == LITTLE_ENDIAN 00685 00686 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 00687 REVERSE64(*data++, W512[j]); \ 00688 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 00689 K512[j] + W512[j]; \ 00690 (d) += T1, \ 00691 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ 00692 j++ 00693 00694 00695 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 00696 00697 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 00698 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 00699 K512[j] + (W512[j] = *data++); \ 00700 (d) += T1; \ 00701 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 00702 j++ 00703 00704 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 00705 00706 #define ROUND512(a,b,c,d,e,f,g,h) \ 00707 s0 = W512[(j+1)&0x0f]; \ 00708 s0 = sigma0_512(s0); \ 00709 s1 = W512[(j+14)&0x0f]; \ 00710 s1 = sigma1_512(s1); \ 00711 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ 00712 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ 00713 (d) += T1; \ 00714 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 00715 j++ 00716 00717 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) { 00718 sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 00719 sha2_word64 T1, *W512 = (sha2_word64*)context->buffer; 00720 int j; 00721 00722 /* Initialize registers with the prev. intermediate value */ 00723 a = context->state[0]; 00724 b = context->state[1]; 00725 c = context->state[2]; 00726 d = context->state[3]; 00727 e = context->state[4]; 00728 f = context->state[5]; 00729 g = context->state[6]; 00730 h = context->state[7]; 00731 00732 j = 0; 00733 do { 00734 ROUND512_0_TO_15(a,b,c,d,e,f,g,h); 00735 ROUND512_0_TO_15(h,a,b,c,d,e,f,g); 00736 ROUND512_0_TO_15(g,h,a,b,c,d,e,f); 00737 ROUND512_0_TO_15(f,g,h,a,b,c,d,e); 00738 ROUND512_0_TO_15(e,f,g,h,a,b,c,d); 00739 ROUND512_0_TO_15(d,e,f,g,h,a,b,c); 00740 ROUND512_0_TO_15(c,d,e,f,g,h,a,b); 00741 ROUND512_0_TO_15(b,c,d,e,f,g,h,a); 00742 } while (j < 16); 00743 00744 /* Now for the remaining rounds up to 79: */ 00745 do { 00746 ROUND512(a,b,c,d,e,f,g,h); 00747 ROUND512(h,a,b,c,d,e,f,g); 00748 ROUND512(g,h,a,b,c,d,e,f); 00749 ROUND512(f,g,h,a,b,c,d,e); 00750 ROUND512(e,f,g,h,a,b,c,d); 00751 ROUND512(d,e,f,g,h,a,b,c); 00752 ROUND512(c,d,e,f,g,h,a,b); 00753 ROUND512(b,c,d,e,f,g,h,a); 00754 } while (j < 80); 00755 00756 /* Compute the current intermediate hash value */ 00757 context->state[0] += a; 00758 context->state[1] += b; 00759 context->state[2] += c; 00760 context->state[3] += d; 00761 context->state[4] += e; 00762 context->state[5] += f; 00763 context->state[6] += g; 00764 context->state[7] += h; 00765 00766 /* Clean up */ 00767 a = b = c = d = e = f = g = h = T1 = 0; 00768 } 00769 00770 #else /* SHA2_UNROLL_TRANSFORM */ 00771 00772 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) { 00773 sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 00774 sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer; 00775 int j; 00776 00777 /* Initialize registers with the prev. intermediate value */ 00778 a = context->state[0]; 00779 b = context->state[1]; 00780 c = context->state[2]; 00781 d = context->state[3]; 00782 e = context->state[4]; 00783 f = context->state[5]; 00784 g = context->state[6]; 00785 h = context->state[7]; 00786 00787 j = 0; 00788 do { 00789 #if BYTE_ORDER == LITTLE_ENDIAN 00790 /* Convert TO host byte order */ 00791 REVERSE64(*data++, W512[j]); 00792 /* Apply the SHA-512 compression function to update a..h */ 00793 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; 00794 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 00795 /* Apply the SHA-512 compression function to update a..h with copy */ 00796 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); 00797 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 00798 T2 = Sigma0_512(a) + Maj(a, b, c); 00799 h = g; 00800 g = f; 00801 f = e; 00802 e = d + T1; 00803 d = c; 00804 c = b; 00805 b = a; 00806 a = T1 + T2; 00807 00808 j++; 00809 } while (j < 16); 00810 00811 do { 00812 /* Part of the message block expansion: */ 00813 s0 = W512[(j+1)&0x0f]; 00814 s0 = sigma0_512(s0); 00815 s1 = W512[(j+14)&0x0f]; 00816 s1 = sigma1_512(s1); 00817 00818 /* Apply the SHA-512 compression function to update a..h */ 00819 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + 00820 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); 00821 T2 = Sigma0_512(a) + Maj(a, b, c); 00822 h = g; 00823 g = f; 00824 f = e; 00825 e = d + T1; 00826 d = c; 00827 c = b; 00828 b = a; 00829 a = T1 + T2; 00830 00831 j++; 00832 } while (j < 80); 00833 00834 /* Compute the current intermediate hash value */ 00835 context->state[0] += a; 00836 context->state[1] += b; 00837 context->state[2] += c; 00838 context->state[3] += d; 00839 context->state[4] += e; 00840 context->state[5] += f; 00841 context->state[6] += g; 00842 context->state[7] += h; 00843 00844 /* Clean up */ 00845 a = b = c = d = e = f = g = h = T1 = T2 = 0; 00846 } 00847 00848 #endif /* SHA2_UNROLL_TRANSFORM */ 00849 00850 void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) { 00851 unsigned int freespace, usedspace; 00852 00853 if (len == 0) { 00854 /* Calling with no data is valid - we do nothing */ 00855 return; 00856 } 00857 00858 /* Sanity check: */ 00859 assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0); 00860 00861 usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH); 00862 if (usedspace > 0) { 00863 /* Calculate how much free space is available in the buffer */ 00864 freespace = SHA512_BLOCK_LENGTH - usedspace; 00865 00866 if (len >= freespace) { 00867 /* Fill the buffer completely and process it */ 00868 MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); 00869 ADDINC128(context->bitcount, freespace << 3); 00870 len -= freespace; 00871 data += freespace; 00872 SHA512_Transform(context, (sha2_word64*)context->buffer); 00873 } else { 00874 /* The buffer is not yet full */ 00875 MEMCPY_BCOPY(&context->buffer[usedspace], data, len); 00876 ADDINC128(context->bitcount, len << 3); 00877 /* Clean up: */ 00878 usedspace = freespace = 0; 00879 return; 00880 } 00881 } 00882 while (len >= SHA512_BLOCK_LENGTH) { 00883 /* Process as many complete blocks as we can */ 00884 MEMCPY_BCOPY(context->buffer, data, SHA512_BLOCK_LENGTH); 00885 SHA512_Transform(context, (sha2_word64*)context->buffer); 00886 ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); 00887 len -= SHA512_BLOCK_LENGTH; 00888 data += SHA512_BLOCK_LENGTH; 00889 } 00890 if (len > 0) { 00891 /* There's left-overs, so save 'em */ 00892 MEMCPY_BCOPY(context->buffer, data, len); 00893 ADDINC128(context->bitcount, len << 3); 00894 } 00895 /* Clean up: */ 00896 usedspace = freespace = 0; 00897 } 00898 00899 void SHA512_Last(SHA512_CTX* context) { 00900 unsigned int usedspace; 00901 00902 usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH); 00903 #if BYTE_ORDER == LITTLE_ENDIAN 00904 /* Convert FROM host byte order */ 00905 REVERSE64(context->bitcount[0],context->bitcount[0]); 00906 REVERSE64(context->bitcount[1],context->bitcount[1]); 00907 #endif 00908 if (usedspace > 0) { 00909 /* Begin padding with a 1 bit: */ 00910 context->buffer[usedspace++] = 0x80; 00911 00912 if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { 00913 /* Set-up for the last transform: */ 00914 MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace); 00915 } else { 00916 if (usedspace < SHA512_BLOCK_LENGTH) { 00917 MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace); 00918 } 00919 /* Do second-to-last transform: */ 00920 SHA512_Transform(context, (sha2_word64*)context->buffer); 00921 00922 /* And set-up for the last transform: */ 00923 MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2); 00924 } 00925 } else { 00926 /* Prepare for final transform: */ 00927 MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH); 00928 00929 /* Begin padding with a 1 bit: */ 00930 *context->buffer = 0x80; 00931 } 00932 /* Store the length of input data (in bits): */ 00933 *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; 00934 *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; 00935 00936 /* Final transform: */ 00937 SHA512_Transform(context, (sha2_word64*)context->buffer); 00938 } 00939 00940 void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) { 00941 sha2_word64 *d = (sha2_word64*)digest; 00942 00943 /* Sanity check: */ 00944 assert(context != (SHA512_CTX*)0); 00945 00946 /* If no digest buffer is passed, we don't bother doing this: */ 00947 if (digest != (sha2_byte*)0) { 00948 SHA512_Last(context); 00949 00950 /* Save the hash data for output: */ 00951 #if BYTE_ORDER == LITTLE_ENDIAN 00952 { 00953 /* Convert TO host byte order */ 00954 int j; 00955 for (j = 0; j < 8; j++) { 00956 REVERSE64(context->state[j],context->state[j]); 00957 *d++ = context->state[j]; 00958 } 00959 } 00960 #else 00961 MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH); 00962 #endif 00963 } 00964 00965 /* Zero out state data */ 00966 MEMSET_BZERO(context, sizeof(context)); 00967 } 00968 00969 char *SHA512_End(SHA512_CTX* context, char buffer[]) { 00970 sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest; 00971 int i; 00972 00973 /* Sanity check: */ 00974 assert(context != (SHA512_CTX*)0); 00975 00976 if (buffer != (char*)0) { 00977 SHA512_Final(digest, context); 00978 for (i = 0; i < SHA512_DIGEST_LENGTH; i++) { 00979 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 00980 *buffer++ = sha2_hex_digits[*d & 0x0f]; 00981 d++; 00982 } 00983 *buffer = (char)0; 00984 } else { 00985 MEMSET_BZERO(context, sizeof(context)); 00986 } 00987 MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH); 00988 return buffer; 00989 } 00990 00991 char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) { 00992 SHA512_CTX context; 00993 00994 SHA512_Init(&context); 00995 SHA512_Update(&context, data, len); 00996 return SHA512_End(&context, digest); 00997 } 00998 00999 01000 /*** SHA-384: *********************************************************/ 01001 void SHA384_Init(SHA384_CTX* context) { 01002 if (context == (SHA384_CTX*)0) { 01003 return; 01004 } 01005 MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH); 01006 MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH); 01007 context->bitcount[0] = context->bitcount[1] = 0; 01008 } 01009 01010 void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) { 01011 SHA512_Update((SHA512_CTX*)context, data, len); 01012 } 01013 01014 void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) { 01015 sha2_word64 *d = (sha2_word64*)digest; 01016 01017 /* Sanity check: */ 01018 assert(context != (SHA384_CTX*)0); 01019 01020 /* If no digest buffer is passed, we don't bother doing this: */ 01021 if (digest != (sha2_byte*)0) { 01022 SHA512_Last((SHA512_CTX*)context); 01023 01024 /* Save the hash data for output: */ 01025 #if BYTE_ORDER == LITTLE_ENDIAN 01026 { 01027 /* Convert TO host byte order */ 01028 int j; 01029 for (j = 0; j < 6; j++) { 01030 REVERSE64(context->state[j],context->state[j]); 01031 *d++ = context->state[j]; 01032 } 01033 } 01034 #else 01035 MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH); 01036 #endif 01037 } 01038 01039 /* Zero out state data */ 01040 MEMSET_BZERO(context, sizeof(context)); 01041 } 01042 01043 char *SHA384_End(SHA384_CTX* context, char buffer[]) { 01044 sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest; 01045 int i; 01046 01047 /* Sanity check: */ 01048 assert(context != (SHA384_CTX*)0); 01049 01050 if (buffer != (char*)0) { 01051 SHA384_Final(digest, context); 01052 for (i = 0; i < SHA384_DIGEST_LENGTH; i++) { 01053 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 01054 *buffer++ = sha2_hex_digits[*d & 0x0f]; 01055 d++; 01056 } 01057 *buffer = (char)0; 01058 } else { 01059 MEMSET_BZERO(context, sizeof(context)); 01060 } 01061 MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH); 01062 return buffer; 01063 } 01064 01065 char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) { 01066 SHA384_CTX context; 01067 01068 SHA384_Init(&context); 01069 SHA384_Update(&context, data, len); 01070 return SHA384_End(&context, digest); 01071 } 01072 01073