search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Detect FPU by checking CPUID features.
[dragonfly.git] / contrib / bind-9.5.2 / lib / isc / sha2.c
blob76aa711457b6050f902f3c876e5a060fbba3104e
1 /*
2 * Copyright (C) 2005-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
3 *
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
7 *
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
15 */
16
17 /* $Id: sha2.c,v 1.13.128.2 2009/01/19 23:47:03 tbox Exp $ */
18
19 /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
20 /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
21
22 /*
23 * sha2.c
24 *
25 * Version 1.0.0beta1
26 *
27 * Written by Aaron D. Gifford <me@aarongifford.com>
28 *
29 * Copyright 2000 Aaron D. Gifford. All rights reserved.
30 *
31 * Redistribution and use in source and binary forms, with or without
32 * modification, are permitted provided that the following conditions
33 * are met:
34 * 1. Redistributions of source code must retain the above copyright
35 * notice, this list of conditions and the following disclaimer.
36 * 2. Redistributions in binary form must reproduce the above copyright
37 * notice, this list of conditions and the following disclaimer in the
38 * documentation and/or other materials provided with the distribution.
39 * 3. Neither the name of the copyright holder nor the names of contributors
40 * may be used to endorse or promote products derived from this software
41 * without specific prior written permission.
42 *
43 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * SUCH DAMAGE.
54 *
55 */
56
57
58 #include <config.h>
59
60 #include <isc/assertions.h>
61 #include <isc/sha2.h>
62 #include <isc/string.h>
63 #include <isc/util.h>
64
65 /*
66 * UNROLLED TRANSFORM LOOP NOTE:
67 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
68 * loop version for the hash transform rounds (defined using macros
69 * later in this file). Either define on the command line, for example:
70 *
71 * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
72 *
73 * or define below:
74 *
75 * \#define ISC_SHA2_UNROLL_TRANSFORM
76 *
77 */
78
79 /*** SHA-256/384/512 Machine Architecture Definitions *****************/
80 /*
81 * BYTE_ORDER NOTE:
82 *
83 * Please make sure that your system defines BYTE_ORDER. If your
84 * architecture is little-endian, make sure it also defines
85 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
86 * equivalent.
87 *
88 * If your system does not define the above, then you can do so by
89 * hand like this:
90 *
91 * \#define LITTLE_ENDIAN 1234
92 * \#define BIG_ENDIAN 4321
93 *
94 * And for little-endian machines, add:
95 *
96 * \#define BYTE_ORDER LITTLE_ENDIAN
97 *
98 * Or for big-endian machines:
99 *
100 * \#define BYTE_ORDER BIG_ENDIAN
101 *
102 * The FreeBSD machine this was written on defines BYTE_ORDER
103 * appropriately by including <sys/types.h> (which in turn includes
104 * <machine/endian.h> where the appropriate definitions are actually
105 * made).
106 */
107 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
108 #ifndef BYTE_ORDER
109 #ifndef BIG_ENDIAN
110 #define BIG_ENDIAN 4321
111 #endif
112 #ifndef LITTLE_ENDIAN
113 #define LITTLE_ENDIAN 1234
114 #endif
115 #ifdef WORDS_BIGENDIAN
116 #define BYTE_ORDER BIG_ENDIAN
117 #else
118 #define BYTE_ORDER LITTLE_ENDIAN
119 #endif
120 #else
121 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
122 #endif
123 #endif
124
125 /*** SHA-256/384/512 Various Length Definitions ***********************/
126 /* NOTE: Most of these are in sha2.h */
127 #define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8)
128 #define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16)
129 #define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16)
130
131
132 /*** ENDIAN REVERSAL MACROS *******************************************/
133 #if BYTE_ORDER == LITTLE_ENDIAN
134 #define REVERSE32(w,x) { \
135 isc_uint32_t tmp = (w); \
136 tmp = (tmp >> 16) | (tmp << 16); \
137 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
138 }
139 #ifdef WIN32
140 #define REVERSE64(w,x) { \
141 isc_uint64_t tmp = (w); \
142 tmp = (tmp >> 32) | (tmp << 32); \
143 tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \
144 ((tmp & 0x00ff00ff00ff00ffUL) << 8); \
145 (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \
146 ((tmp & 0x0000ffff0000ffffUL) << 16); \
147 }
148 #else
149 #define REVERSE64(w,x) { \
150 isc_uint64_t tmp = (w); \
151 tmp = (tmp >> 32) | (tmp << 32); \
152 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
153 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
154 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
155 ((tmp & 0x0000ffff0000ffffULL) << 16); \
156 }
157 #endif
158 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
159
160 /*
161 * Macro for incrementally adding the unsigned 64-bit integer n to the
162 * unsigned 128-bit integer (represented using a two-element array of
163 * 64-bit words):
164 */
165 #define ADDINC128(w,n) { \
166 (w)[0] += (isc_uint64_t)(n); \
167 if ((w)[0] < (n)) { \
168 (w)[1]++; \
169 } \
170 }
171
172 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
173 /*
174 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
175 *
176 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
177 * S is a ROTATION) because the SHA-256/384/512 description document
178 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
179 * same "backwards" definition.
180 */
181 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
182 #define R(b,x) ((x) >> (b))
183 /* 32-bit Rotate-right (used in SHA-256): */
184 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
185 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
186 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
187
188 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
189 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
190 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
191
192 /* Four of six logical functions used in SHA-256: */
193 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
194 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
195 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
196 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
197
198 /* Four of six logical functions used in SHA-384 and SHA-512: */
199 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
200 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
201 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
202 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
203
204 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
205 /* NOTE: These should not be accessed directly from outside this
206 * library -- they are intended for private internal visibility/use
207 * only.
208 */
209 void isc_sha512_last(isc_sha512_t *);
210 void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*);
211 void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*);
212
213
214 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
215 /* Hash constant words K for SHA-224 and SHA-256: */
216 static const isc_uint32_t K256[64] = {
217 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
218 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
219 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
220 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
221 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
222 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
223 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
224 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
225 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
226 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
227 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
228 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
229 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
230 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
231 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
232 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
233 };
234
235 /* Initial hash value H for SHA-224: */
236 static const isc_uint32_t sha224_initial_hash_value[8] = {
237 0xc1059ed8UL,
238 0x367cd507UL,
239 0x3070dd17UL,
240 0xf70e5939UL,
241 0xffc00b31UL,
242 0x68581511UL,
243 0x64f98fa7UL,
244 0xbefa4fa4UL
245 };
246
247 /* Initial hash value H for SHA-256: */
248 static const isc_uint32_t sha256_initial_hash_value[8] = {
249 0x6a09e667UL,
250 0xbb67ae85UL,
251 0x3c6ef372UL,
252 0xa54ff53aUL,
253 0x510e527fUL,
254 0x9b05688cUL,
255 0x1f83d9abUL,
256 0x5be0cd19UL
257 };
258
259 #ifdef WIN32
260 /* Hash constant words K for SHA-384 and SHA-512: */
261 static const isc_uint64_t K512[80] = {
262 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
263 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
264 0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
265 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL,
266 0xd807aa98a3030242UL, 0x12835b0145706fbeUL,
267 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL,
268 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL,
269 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL,
270 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL,
271 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL,
272 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL,
273 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL,
274 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL,
275 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL,
276 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL,
277 0x06ca6351e003826fUL, 0x142929670a0e6e70UL,
278 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL,
279 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL,
280 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL,
281 0x81c2c92e47edaee6UL, 0x92722c851482353bUL,
282 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL,
283 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL,
284 0xd192e819d6ef5218UL, 0xd69906245565a910UL,
285 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL,
286 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL,
287 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL,
288 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL,
289 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL,
290 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL,
291 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL,
292 0x90befffa23631e28UL, 0xa4506cebde82bde9UL,
293 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL,
294 0xca273eceea26619cUL, 0xd186b8c721c0c207UL,
295 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL,
296 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL,
297 0x113f9804bef90daeUL, 0x1b710b35131c471bUL,
298 0x28db77f523047d84UL, 0x32caab7b40c72493UL,
299 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL,
300 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL,
301 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL
302 };
303
304 /* Initial hash value H for SHA-384: */
305 static const isc_uint64_t sha384_initial_hash_value[8] = {
306 0xcbbb9d5dc1059ed8UL,
307 0x629a292a367cd507UL,
308 0x9159015a3070dd17UL,
309 0x152fecd8f70e5939UL,
310 0x67332667ffc00b31UL,
311 0x8eb44a8768581511UL,
312 0xdb0c2e0d64f98fa7UL,
313 0x47b5481dbefa4fa4UL
314 };
315
316 /* Initial hash value H for SHA-512: */
317 static const isc_uint64_t sha512_initial_hash_value[8] = {
318 0x6a09e667f3bcc908U,
319 0xbb67ae8584caa73bUL,
320 0x3c6ef372fe94f82bUL,
321 0xa54ff53a5f1d36f1UL,
322 0x510e527fade682d1UL,
323 0x9b05688c2b3e6c1fUL,
324 0x1f83d9abfb41bd6bUL,
325 0x5be0cd19137e2179UL
326 };
327 #else
328 /* Hash constant words K for SHA-384 and SHA-512: */
329 static const isc_uint64_t K512[80] = {
330 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
331 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
332 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
333 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
334 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
335 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
336 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
337 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
338 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
339 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
340 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
341 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
342 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
343 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
344 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
345 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
346 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
347 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
348 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
349 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
350 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
351 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
352 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
353 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
354 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
355 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
356 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
357 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
358 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
359 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
360 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
361 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
362 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
363 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
364 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
365 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
366 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
367 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
368 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
369 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
370 };
371
372 /* Initial hash value H for SHA-384: */
373 static const isc_uint64_t sha384_initial_hash_value[8] = {
374 0xcbbb9d5dc1059ed8ULL,
375 0x629a292a367cd507ULL,
376 0x9159015a3070dd17ULL,
377 0x152fecd8f70e5939ULL,
378 0x67332667ffc00b31ULL,
379 0x8eb44a8768581511ULL,
380 0xdb0c2e0d64f98fa7ULL,
381 0x47b5481dbefa4fa4ULL
382 };
383
384 /* Initial hash value H for SHA-512: */
385 static const isc_uint64_t sha512_initial_hash_value[8] = {
386 0x6a09e667f3bcc908ULL,
387 0xbb67ae8584caa73bULL,
388 0x3c6ef372fe94f82bULL,
389 0xa54ff53a5f1d36f1ULL,
390 0x510e527fade682d1ULL,
391 0x9b05688c2b3e6c1fULL,
392 0x1f83d9abfb41bd6bULL,
393 0x5be0cd19137e2179ULL
394 };
395 #endif
396
397 /*
398 * Constant used by SHA256/384/512_End() functions for converting the
399 * digest to a readable hexadecimal character string:
400 */
401 static const char *sha2_hex_digits = "0123456789abcdef";
402
403
404
405 /*** SHA-224: *********************************************************/
406 void
407 isc_sha224_init(isc_sha224_t *context) {
408 if (context == (isc_sha256_t *)0) {
409 return;
410 }
411 memcpy(context->state, sha224_initial_hash_value,
412 ISC_SHA256_DIGESTLENGTH);
413 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
414 context->bitcount = 0;
415 }
416
417 void
418 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
419 isc_sha256_update((isc_sha256_t *)context, data, len);
420 }
421
422 void
423 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
424 isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH];
425 isc_sha256_final(sha256_digest, (isc_sha256_t *)context);
426 memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);
427 memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH);
428 }
429
430 char *
431 isc_sha224_end(isc_sha224_t *context, char buffer[]) {
432 isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest;
433 unsigned int i;
434
435 /* Sanity check: */
436 REQUIRE(context != (isc_sha224_t *)0);
437
438 if (buffer != (char*)0) {
439 isc_sha224_final(digest, context);
440
441 for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
442 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
443 *buffer++ = sha2_hex_digits[*d & 0x0f];
444 d++;
445 }
446 *buffer = (char)0;
447 } else {
448 memset(context, 0, sizeof(context));
449 }
450 memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
451 return buffer;
452 }
453
454 char*
455 isc_sha224_data(const isc_uint8_t *data, size_t len,
456 char digest[ISC_SHA224_DIGESTSTRINGLENGTH])
457 {
458 isc_sha224_t context;
459
460 isc_sha224_init(&context);
461 isc_sha224_update(&context, data, len);
462 return (isc_sha224_end(&context, digest));
463 }
464
465 /*** SHA-256: *********************************************************/
466 void
467 isc_sha256_init(isc_sha256_t *context) {
468 if (context == (isc_sha256_t *)0) {
469 return;
470 }
471 memcpy(context->state, sha256_initial_hash_value,
472 ISC_SHA256_DIGESTLENGTH);
473 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
474 context->bitcount = 0;
475 }
476
477 #ifdef ISC_SHA2_UNROLL_TRANSFORM
478
479 /* Unrolled SHA-256 round macros: */
480
481 #if BYTE_ORDER == LITTLE_ENDIAN
482
483 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
484 REVERSE32(*data++, W256[j]); \
485 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
486 K256[j] + W256[j]; \
487 (d) += T1; \
488 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
489 j++
490
491
492 #else /* BYTE_ORDER == LITTLE_ENDIAN */
493
494 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
495 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
496 K256[j] + (W256[j] = *data++); \
497 (d) += T1; \
498 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
499 j++
500
501 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
502
503 #define ROUND256(a,b,c,d,e,f,g,h) \
504 s0 = W256[(j+1)&0x0f]; \
505 s0 = sigma0_256(s0); \
506 s1 = W256[(j+14)&0x0f]; \
507 s1 = sigma1_256(s1); \
508 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
509 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
510 (d) += T1; \
511 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
512 j++
513
514 void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
515 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
516 isc_uint32_t T1, *W256;
517 int j;
518
519 W256 = (isc_uint32_t*)context->buffer;
520
521 /* Initialize registers with the prev. intermediate value */
522 a = context->state[0];
523 b = context->state[1];
524 c = context->state[2];
525 d = context->state[3];
526 e = context->state[4];
527 f = context->state[5];
528 g = context->state[6];
529 h = context->state[7];
530
531 j = 0;
532 do {
533 /* Rounds 0 to 15 (unrolled): */
534 ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
535 ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
536 ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
537 ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
538 ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
539 ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
540 ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
541 ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
542 } while (j < 16);
543
544 /* Now for the remaining rounds to 64: */
545 do {
546 ROUND256(a,b,c,d,e,f,g,h);
547 ROUND256(h,a,b,c,d,e,f,g);
548 ROUND256(g,h,a,b,c,d,e,f);
549 ROUND256(f,g,h,a,b,c,d,e);
550 ROUND256(e,f,g,h,a,b,c,d);
551 ROUND256(d,e,f,g,h,a,b,c);
552 ROUND256(c,d,e,f,g,h,a,b);
553 ROUND256(b,c,d,e,f,g,h,a);
554 } while (j < 64);
555
556 /* Compute the current intermediate hash value */
557 context->state[0] += a;
558 context->state[1] += b;
559 context->state[2] += c;
560 context->state[3] += d;
561 context->state[4] += e;
562 context->state[5] += f;
563 context->state[6] += g;
564 context->state[7] += h;
565
566 /* Clean up */
567 a = b = c = d = e = f = g = h = T1 = 0;
568 }
569
570 #else /* ISC_SHA2_UNROLL_TRANSFORM */
571
572 void
573 isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
574 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
575 isc_uint32_t T1, T2, *W256;
576 int j;
577
578 W256 = (isc_uint32_t*)context->buffer;
579
580 /* Initialize registers with the prev. intermediate value */
581 a = context->state[0];
582 b = context->state[1];
583 c = context->state[2];
584 d = context->state[3];
585 e = context->state[4];
586 f = context->state[5];
587 g = context->state[6];
588 h = context->state[7];
589
590 j = 0;
591 do {
592 #if BYTE_ORDER == LITTLE_ENDIAN
593 /* Copy data while converting to host byte order */
594 REVERSE32(*data++,W256[j]);
595 /* Apply the SHA-256 compression function to update a..h */
596 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
597 #else /* BYTE_ORDER == LITTLE_ENDIAN */
598 /* Apply the SHA-256 compression function to update a..h with copy */
599 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
600 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
601 T2 = Sigma0_256(a) + Maj(a, b, c);
602 h = g;
603 g = f;
604 f = e;
605 e = d + T1;
606 d = c;
607 c = b;
608 b = a;
609 a = T1 + T2;
610
611 j++;
612 } while (j < 16);
613
614 do {
615 /* Part of the message block expansion: */
616 s0 = W256[(j+1)&0x0f];
617 s0 = sigma0_256(s0);
618 s1 = W256[(j+14)&0x0f];
619 s1 = sigma1_256(s1);
620
621 /* Apply the SHA-256 compression function to update a..h */
622 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
623 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
624 T2 = Sigma0_256(a) + Maj(a, b, c);
625 h = g;
626 g = f;
627 f = e;
628 e = d + T1;
629 d = c;
630 c = b;
631 b = a;
632 a = T1 + T2;
633
634 j++;
635 } while (j < 64);
636
637 /* Compute the current intermediate hash value */
638 context->state[0] += a;
639 context->state[1] += b;
640 context->state[2] += c;
641 context->state[3] += d;
642 context->state[4] += e;
643 context->state[5] += f;
644 context->state[6] += g;
645 context->state[7] += h;
646
647 /* Clean up */
648 a = b = c = d = e = f = g = h = T1 = T2 = 0;
649 }
650
651 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
652
653 void
654 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
655 unsigned int freespace, usedspace;
656
657 if (len == 0U) {
658 /* Calling with no data is valid - we do nothing */
659 return;
660 }
661
662 /* Sanity check: */
663 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
664
665 usedspace = (unsigned int)((context->bitcount >> 3) %
666 ISC_SHA256_BLOCK_LENGTH);
667 if (usedspace > 0) {
668 /* Calculate how much free space is available in the buffer */
669 freespace = ISC_SHA256_BLOCK_LENGTH - usedspace;
670
671 if (len >= freespace) {
672 /* Fill the buffer completely and process it */
673 memcpy(&context->buffer[usedspace], data, freespace);
674 context->bitcount += freespace << 3;
675 len -= freespace;
676 data += freespace;
677 isc_sha256_transform(context,
678 (isc_uint32_t*)context->buffer);
679 } else {
680 /* The buffer is not yet full */
681 memcpy(&context->buffer[usedspace], data, len);
682 context->bitcount += len << 3;
683 /* Clean up: */
684 usedspace = freespace = 0;
685 return;
686 }
687 }
688 while (len >= ISC_SHA256_BLOCK_LENGTH) {
689 /* Process as many complete blocks as we can */
690 memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH);
691 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
692 context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3;
693 len -= ISC_SHA256_BLOCK_LENGTH;
694 data += ISC_SHA256_BLOCK_LENGTH;
695 }
696 if (len > 0U) {
697 /* There's left-overs, so save 'em */
698 memcpy(context->buffer, data, len);
699 context->bitcount += len << 3;
700 }
701 /* Clean up: */
702 usedspace = freespace = 0;
703 }
704
705 void
706 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
707 isc_uint32_t *d = (isc_uint32_t*)digest;
708 unsigned int usedspace;
709
710 /* Sanity check: */
711 REQUIRE(context != (isc_sha256_t *)0);
712
713 /* If no digest buffer is passed, we don't bother doing this: */
714 if (digest != (isc_uint8_t*)0) {
715 usedspace = (unsigned int)((context->bitcount >> 3) %
716 ISC_SHA256_BLOCK_LENGTH);
717 #if BYTE_ORDER == LITTLE_ENDIAN
718 /* Convert FROM host byte order */
719 REVERSE64(context->bitcount,context->bitcount);
720 #endif
721 if (usedspace > 0) {
722 /* Begin padding with a 1 bit: */
723 context->buffer[usedspace++] = 0x80;
724
725 if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) {
726 /* Set-up for the last transform: */
727 memset(&context->buffer[usedspace], 0,
728 ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace);
729 } else {
730 if (usedspace < ISC_SHA256_BLOCK_LENGTH) {
731 memset(&context->buffer[usedspace], 0,
732 ISC_SHA256_BLOCK_LENGTH -
733 usedspace);
734 }
735 /* Do second-to-last transform: */
736 isc_sha256_transform(context,
737 (isc_uint32_t*)context->buffer);
738
739 /* And set-up for the last transform: */
740 memset(context->buffer, 0,
741 ISC_SHA256_SHORT_BLOCK_LENGTH);
742 }
743 } else {
744 /* Set-up for the last transform: */
745 memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH);
746
747 /* Begin padding with a 1 bit: */
748 *context->buffer = 0x80;
749 }
750 /* Set the bit count: */
751 *(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
752
753 /* Final transform: */
754 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
755
756 #if BYTE_ORDER == LITTLE_ENDIAN
757 {
758 /* Convert TO host byte order */
759 int j;
760 for (j = 0; j < 8; j++) {
761 REVERSE32(context->state[j],context->state[j]);
762 *d++ = context->state[j];
763 }
764 }
765 #else
766 memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH);
767 #endif
768 }
769
770 /* Clean up state data: */
771 memset(context, 0, sizeof(context));
772 usedspace = 0;
773 }
774
775 char *
776 isc_sha256_end(isc_sha256_t *context, char buffer[]) {
777 isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest;
778 unsigned int i;
779
780 /* Sanity check: */
781 REQUIRE(context != (isc_sha256_t *)0);
782
783 if (buffer != (char*)0) {
784 isc_sha256_final(digest, context);
785
786 for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
787 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
788 *buffer++ = sha2_hex_digits[*d & 0x0f];
789 d++;
790 }
791 *buffer = (char)0;
792 } else {
793 memset(context, 0, sizeof(context));
794 }
795 memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
796 return buffer;
797 }
798
799 char *
800 isc_sha256_data(const isc_uint8_t* data, size_t len,
801 char digest[ISC_SHA256_DIGESTSTRINGLENGTH])
802 {
803 isc_sha256_t context;
804
805 isc_sha256_init(&context);
806 isc_sha256_update(&context, data, len);
807 return (isc_sha256_end(&context, digest));
808 }
809
810
811 /*** SHA-512: *********************************************************/
812 void
813 isc_sha512_init(isc_sha512_t *context) {
814 if (context == (isc_sha512_t *)0) {
815 return;
816 }
817 memcpy(context->state, sha512_initial_hash_value,
818 ISC_SHA512_DIGESTLENGTH);
819 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH);
820 context->bitcount[0] = context->bitcount[1] = 0;
821 }
822
823 #ifdef ISC_SHA2_UNROLL_TRANSFORM
824
825 /* Unrolled SHA-512 round macros: */
826 #if BYTE_ORDER == LITTLE_ENDIAN
827
828 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
829 REVERSE64(*data++, W512[j]); \
830 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
831 K512[j] + W512[j]; \
832 (d) += T1, \
833 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
834 j++
835
836
837 #else /* BYTE_ORDER == LITTLE_ENDIAN */
838
839 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
840 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
841 K512[j] + (W512[j] = *data++); \
842 (d) += T1; \
843 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
844 j++
845
846 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
847
848 #define ROUND512(a,b,c,d,e,f,g,h) \
849 s0 = W512[(j+1)&0x0f]; \
850 s0 = sigma0_512(s0); \
851 s1 = W512[(j+14)&0x0f]; \
852 s1 = sigma1_512(s1); \
853 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
854 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
855 (d) += T1; \
856 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
857 j++
858
859 void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
860 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
861 isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer;
862 int j;
863
864 /* Initialize registers with the prev. intermediate value */
865 a = context->state[0];
866 b = context->state[1];
867 c = context->state[2];
868 d = context->state[3];
869 e = context->state[4];
870 f = context->state[5];
871 g = context->state[6];
872 h = context->state[7];
873
874 j = 0;
875 do {
876 ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
877 ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
878 ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
879 ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
880 ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
881 ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
882 ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
883 ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
884 } while (j < 16);
885
886 /* Now for the remaining rounds up to 79: */
887 do {
888 ROUND512(a,b,c,d,e,f,g,h);
889 ROUND512(h,a,b,c,d,e,f,g);
890 ROUND512(g,h,a,b,c,d,e,f);
891 ROUND512(f,g,h,a,b,c,d,e);
892 ROUND512(e,f,g,h,a,b,c,d);
893 ROUND512(d,e,f,g,h,a,b,c);
894 ROUND512(c,d,e,f,g,h,a,b);
895 ROUND512(b,c,d,e,f,g,h,a);
896 } while (j < 80);
897
898 /* Compute the current intermediate hash value */
899 context->state[0] += a;
900 context->state[1] += b;
901 context->state[2] += c;
902 context->state[3] += d;
903 context->state[4] += e;
904 context->state[5] += f;
905 context->state[6] += g;
906 context->state[7] += h;
907
908 /* Clean up */
909 a = b = c = d = e = f = g = h = T1 = 0;
910 }
911
912 #else /* ISC_SHA2_UNROLL_TRANSFORM */
913
914 void
915 isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
916 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
917 isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer;
918 int j;
919
920 /* Initialize registers with the prev. intermediate value */
921 a = context->state[0];
922 b = context->state[1];
923 c = context->state[2];
924 d = context->state[3];
925 e = context->state[4];
926 f = context->state[5];
927 g = context->state[6];
928 h = context->state[7];
929
930 j = 0;
931 do {
932 #if BYTE_ORDER == LITTLE_ENDIAN
933 /* Convert TO host byte order */
934 REVERSE64(*data++, W512[j]);
935 /* Apply the SHA-512 compression function to update a..h */
936 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
937 #else /* BYTE_ORDER == LITTLE_ENDIAN */
938 /* Apply the SHA-512 compression function to update a..h with copy */
939 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
940 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
941 T2 = Sigma0_512(a) + Maj(a, b, c);
942 h = g;
943 g = f;
944 f = e;
945 e = d + T1;
946 d = c;
947 c = b;
948 b = a;
949 a = T1 + T2;
950
951 j++;
952 } while (j < 16);
953
954 do {
955 /* Part of the message block expansion: */
956 s0 = W512[(j+1)&0x0f];
957 s0 = sigma0_512(s0);
958 s1 = W512[(j+14)&0x0f];
959 s1 = sigma1_512(s1);
960
961 /* Apply the SHA-512 compression function to update a..h */
962 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
963 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
964 T2 = Sigma0_512(a) + Maj(a, b, c);
965 h = g;
966 g = f;
967 f = e;
968 e = d + T1;
969 d = c;
970 c = b;
971 b = a;
972 a = T1 + T2;
973
974 j++;
975 } while (j < 80);
976
977 /* Compute the current intermediate hash value */
978 context->state[0] += a;
979 context->state[1] += b;
980 context->state[2] += c;
981 context->state[3] += d;
982 context->state[4] += e;
983 context->state[5] += f;
984 context->state[6] += g;
985 context->state[7] += h;
986
987 /* Clean up */
988 a = b = c = d = e = f = g = h = T1 = T2 = 0;
989 }
990
991 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
992
993 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
994 unsigned int freespace, usedspace;
995
996 if (len == 0U) {
997 /* Calling with no data is valid - we do nothing */
998 return;
999 }
1000
1001 /* Sanity check: */
1002 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
1003
1004 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1005 ISC_SHA512_BLOCK_LENGTH);
1006 if (usedspace > 0) {
1007 /* Calculate how much free space is available in the buffer */
1008 freespace = ISC_SHA512_BLOCK_LENGTH - usedspace;
1009
1010 if (len >= freespace) {
1011 /* Fill the buffer completely and process it */
1012 memcpy(&context->buffer[usedspace], data, freespace);
1013 ADDINC128(context->bitcount, freespace << 3);
1014 len -= freespace;
1015 data += freespace;
1016 isc_sha512_transform(context,
1017 (isc_uint64_t*)context->buffer);
1018 } else {
1019 /* The buffer is not yet full */
1020 memcpy(&context->buffer[usedspace], data, len);
1021 ADDINC128(context->bitcount, len << 3);
1022 /* Clean up: */
1023 usedspace = freespace = 0;
1024 return;
1025 }
1026 }
1027 while (len >= ISC_SHA512_BLOCK_LENGTH) {
1028 /* Process as many complete blocks as we can */
1029 memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH);
1030 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1031 ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3);
1032 len -= ISC_SHA512_BLOCK_LENGTH;
1033 data += ISC_SHA512_BLOCK_LENGTH;
1034 }
1035 if (len > 0U) {
1036 /* There's left-overs, so save 'em */
1037 memcpy(context->buffer, data, len);
1038 ADDINC128(context->bitcount, len << 3);
1039 }
1040 /* Clean up: */
1041 usedspace = freespace = 0;
1042 }
1043
1044 void isc_sha512_last(isc_sha512_t *context) {
1045 unsigned int usedspace;
1046
1047 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1048 ISC_SHA512_BLOCK_LENGTH);
1049 #if BYTE_ORDER == LITTLE_ENDIAN
1050 /* Convert FROM host byte order */
1051 REVERSE64(context->bitcount[0],context->bitcount[0]);
1052 REVERSE64(context->bitcount[1],context->bitcount[1]);
1053 #endif
1054 if (usedspace > 0) {
1055 /* Begin padding with a 1 bit: */
1056 context->buffer[usedspace++] = 0x80;
1057
1058 if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) {
1059 /* Set-up for the last transform: */
1060 memset(&context->buffer[usedspace], 0,
1061 ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace);
1062 } else {
1063 if (usedspace < ISC_SHA512_BLOCK_LENGTH) {
1064 memset(&context->buffer[usedspace], 0,
1065 ISC_SHA512_BLOCK_LENGTH - usedspace);
1066 }
1067 /* Do second-to-last transform: */
1068 isc_sha512_transform(context,
1069 (isc_uint64_t*)context->buffer);
1070
1071 /* And set-up for the last transform: */
1072 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2);
1073 }
1074 } else {
1075 /* Prepare for final transform: */
1076 memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH);
1077
1078 /* Begin padding with a 1 bit: */
1079 *context->buffer = 0x80;
1080 }
1081 /* Store the length of input data (in bits): */
1082 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
1083 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
1084
1085 /* Final transform: */
1086 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1087 }
1088
1089 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
1090 isc_uint64_t *d = (isc_uint64_t*)digest;
1091
1092 /* Sanity check: */
1093 REQUIRE(context != (isc_sha512_t *)0);
1094
1095 /* If no digest buffer is passed, we don't bother doing this: */
1096 if (digest != (isc_uint8_t*)0) {
1097 isc_sha512_last(context);
1098
1099 /* Save the hash data for output: */
1100 #if BYTE_ORDER == LITTLE_ENDIAN
1101 {
1102 /* Convert TO host byte order */
1103 int j;
1104 for (j = 0; j < 8; j++) {
1105 REVERSE64(context->state[j],context->state[j]);
1106 *d++ = context->state[j];
1107 }
1108 }
1109 #else
1110 memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH);
1111 #endif
1112 }
1113
1114 /* Zero out state data */
1115 memset(context, 0, sizeof(context));
1116 }
1117
1118 char *
1119 isc_sha512_end(isc_sha512_t *context, char buffer[]) {
1120 isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest;
1121 unsigned int i;
1122
1123 /* Sanity check: */
1124 REQUIRE(context != (isc_sha512_t *)0);
1125
1126 if (buffer != (char*)0) {
1127 isc_sha512_final(digest, context);
1128
1129 for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
1130 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1131 *buffer++ = sha2_hex_digits[*d & 0x0f];
1132 d++;
1133 }
1134 *buffer = (char)0;
1135 } else {
1136 memset(context, 0, sizeof(context));
1137 }
1138 memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
1139 return buffer;
1140 }
1141
1142 char *
1143 isc_sha512_data(const isc_uint8_t *data, size_t len,
1144 char digest[ISC_SHA512_DIGESTSTRINGLENGTH])
1145 {
1146 isc_sha512_t context;
1147
1148 isc_sha512_init(&context);
1149 isc_sha512_update(&context, data, len);
1150 return (isc_sha512_end(&context, digest));
1151 }
1152
1153
1154 /*** SHA-384: *********************************************************/
1155 void
1156 isc_sha384_init(isc_sha384_t *context) {
1157 if (context == (isc_sha384_t *)0) {
1158 return;
1159 }
1160 memcpy(context->state, sha384_initial_hash_value,
1161 ISC_SHA512_DIGESTLENGTH);
1162 memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH);
1163 context->bitcount[0] = context->bitcount[1] = 0;
1164 }
1165
1166 void
1167 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
1168 isc_sha512_update((isc_sha512_t *)context, data, len);
1169 }
1170
1171 void
1172 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
1173 isc_uint64_t *d = (isc_uint64_t*)digest;
1174
1175 /* Sanity check: */
1176 REQUIRE(context != (isc_sha384_t *)0);
1177
1178 /* If no digest buffer is passed, we don't bother doing this: */
1179 if (digest != (isc_uint8_t*)0) {
1180 isc_sha512_last((isc_sha512_t *)context);
1181
1182 /* Save the hash data for output: */
1183 #if BYTE_ORDER == LITTLE_ENDIAN
1184 {
1185 /* Convert TO host byte order */
1186 int j;
1187 for (j = 0; j < 6; j++) {
1188 REVERSE64(context->state[j],context->state[j]);
1189 *d++ = context->state[j];
1190 }
1191 }
1192 #else
1193 memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH);
1194 #endif
1195 }
1196
1197 /* Zero out state data */
1198 memset(context, 0, sizeof(context));
1199 }
1200
1201 char *
1202 isc_sha384_end(isc_sha384_t *context, char buffer[]) {
1203 isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest;
1204 unsigned int i;
1205
1206 /* Sanity check: */
1207 REQUIRE(context != (isc_sha384_t *)0);
1208
1209 if (buffer != (char*)0) {
1210 isc_sha384_final(digest, context);
1211
1212 for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) {
1213 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1214 *buffer++ = sha2_hex_digits[*d & 0x0f];
1215 d++;
1216 }
1217 *buffer = (char)0;
1218 } else {
1219 memset(context, 0, sizeof(context));
1220 }
1221 memset(digest, 0, ISC_SHA384_DIGESTLENGTH);
1222 return buffer;
1223 }
1224
1225 char*
1226 isc_sha384_data(const isc_uint8_t *data, size_t len,
1227 char digest[ISC_SHA384_DIGESTSTRINGLENGTH])
1228 {
1229 isc_sha384_t context;
1230
1231 isc_sha384_init(&context);
1232 isc_sha384_update(&context, data, len);
1233 return (isc_sha384_end(&context, digest));
1234 }
DragonFly BSD