digest 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,14 @@
1
+ #define COMMON_DIGEST_FOR_OPENSSL 1
2
+ #include <CommonCrypto/CommonDigest.h>
3
+
4
+ #define SHA1_BLOCK_LENGTH CC_SHA1_BLOCK_BYTES
5
+ #define SHA1_DIGEST_LENGTH CC_SHA1_DIGEST_LENGTH
6
+ #define SHA1_CTX CC_SHA1_CTX
7
+
8
+ static DEFINE_UPDATE_FUNC_FOR_UINT(SHA1)
9
+ static DEFINE_FINISH_FUNC_FROM_FINAL(SHA1)
10
+
11
+ #undef SHA1_Update
12
+ #undef SHA1_Finish
13
+ #define SHA1_Update rb_digest_SHA1_update
14
+ #define SHA1_Finish rb_digest_SHA1_finish
@@ -0,0 +1,66 @@
1
+ /* $RoughId: sha1init.c,v 1.2 2001/07/13 19:49:10 knu Exp $ */
2
+ /* $Id$ */
3
+
4
+ #include <ruby/ruby.h>
5
+ #include "../digest.h"
6
+ #if defined(SHA1_USE_COMMONDIGEST)
7
+ #include "sha1cc.h"
8
+ #else
9
+ #include "sha1.h"
10
+ #endif
11
+
12
+ static const rb_digest_metadata_t sha1 = {
13
+ RUBY_DIGEST_API_VERSION,
14
+ SHA1_DIGEST_LENGTH,
15
+ SHA1_BLOCK_LENGTH,
16
+ sizeof(SHA1_CTX),
17
+ (rb_digest_hash_init_func_t)SHA1_Init,
18
+ (rb_digest_hash_update_func_t)SHA1_Update,
19
+ (rb_digest_hash_finish_func_t)SHA1_Finish,
20
+ };
21
+
22
+ /*
23
+ * Document-class: Digest::SHA1 < Digest::Base
24
+ * A class for calculating message digests using the SHA-1 Secure Hash
25
+ * Algorithm by NIST (the US' National Institute of Standards and
26
+ * Technology), described in FIPS PUB 180-1.
27
+ *
28
+ * See Digest::Instance for digest API.
29
+ *
30
+ * SHA-1 calculates a digest of 160 bits (20 bytes).
31
+ *
32
+ * == Examples
33
+ * require 'digest'
34
+ *
35
+ * # Compute a complete digest
36
+ * Digest::SHA1.hexdigest 'abc' #=> "a9993e36..."
37
+ *
38
+ * # Compute digest by chunks
39
+ * sha1 = Digest::SHA1.new # =>#<Digest::SHA1>
40
+ * sha1.update "ab"
41
+ * sha1 << "c" # alias for #update
42
+ * sha1.hexdigest # => "a9993e36..."
43
+ *
44
+ * # Use the same object to compute another digest
45
+ * sha1.reset
46
+ * sha1 << "message"
47
+ * sha1.hexdigest # => "6f9b9af3..."
48
+ */
49
+ void
50
+ Init_sha1(void)
51
+ {
52
+ VALUE mDigest, cDigest_Base, cDigest_SHA1;
53
+
54
+ #if 0
55
+ mDigest = rb_define_module("Digest"); /* let rdoc know */
56
+ #endif
57
+ mDigest = rb_digest_namespace();
58
+ cDigest_Base = rb_path2class("Digest::Base");
59
+
60
+ cDigest_SHA1 = rb_define_class_under(mDigest, "SHA1", cDigest_Base);
61
+
62
+ #undef RUBY_UNTYPED_DATA_WARNING
63
+ #define RUBY_UNTYPED_DATA_WARNING 0
64
+ rb_iv_set(cDigest_SHA1, "metadata",
65
+ Data_Wrap_Struct(0, 0, 0, (void *)&sha1));
66
+ }
@@ -0,0 +1,21 @@
1
+ # -*- coding: us-ascii -*-
2
+ # frozen_string_literal: false
3
+ # $RoughId: extconf.rb,v 1.4 2001/08/14 19:54:51 knu Exp $
4
+ # $Id$
5
+
6
+ require "mkmf"
7
+ require File.expand_path("../../digest_conf", __FILE__)
8
+
9
+ $defs << "-DHAVE_CONFIG_H"
10
+
11
+ $objs = [ "sha2init.#{$OBJEXT}" ]
12
+
13
+ unless digest_conf("sha2")
14
+ have_type("u_int8_t")
15
+ end
16
+
17
+ have_header("sys/cdefs.h")
18
+
19
+ $preload = %w[digest]
20
+
21
+ create_makefile("digest/sha2")
@@ -0,0 +1,142 @@
1
+ # frozen_string_literal: false
2
+ #--
3
+ # sha2.rb - defines Digest::SHA2 class which wraps up the SHA256,
4
+ # SHA384, and SHA512 classes.
5
+ #++
6
+ # Copyright (c) 2006 Akinori MUSHA <knu@iDaemons.org>
7
+ #
8
+ # All rights reserved. You can redistribute and/or modify it under the same
9
+ # terms as Ruby.
10
+ #
11
+ # $Id$
12
+
13
+ require 'digest'
14
+ require 'digest/sha2.so'
15
+
16
+ module Digest
17
+ #
18
+ # A meta digest provider class for SHA256, SHA384 and SHA512.
19
+ #
20
+ # FIPS 180-2 describes SHA2 family of digest algorithms. It defines
21
+ # three algorithms:
22
+ # * one which works on chunks of 512 bits and returns a 256-bit
23
+ # digest (SHA256),
24
+ # * one which works on chunks of 1024 bits and returns a 384-bit
25
+ # digest (SHA384),
26
+ # * and one which works on chunks of 1024 bits and returns a 512-bit
27
+ # digest (SHA512).
28
+ #
29
+ # ==Examples
30
+ # require 'digest'
31
+ #
32
+ # # Compute a complete digest
33
+ # Digest::SHA2.hexdigest 'abc' # => "ba7816bf8..."
34
+ # Digest::SHA2.new(256).hexdigest 'abc' # => "ba7816bf8..."
35
+ # Digest::SHA256.hexdigest 'abc' # => "ba7816bf8..."
36
+ #
37
+ # Digest::SHA2.new(384).hexdigest 'abc' # => "cb00753f4..."
38
+ # Digest::SHA384.hexdigest 'abc' # => "cb00753f4..."
39
+ #
40
+ # Digest::SHA2.new(512).hexdigest 'abc' # => "ddaf35a19..."
41
+ # Digest::SHA512.hexdigest 'abc' # => "ddaf35a19..."
42
+ #
43
+ # # Compute digest by chunks
44
+ # sha2 = Digest::SHA2.new # =>#<Digest::SHA2:256>
45
+ # sha2.update "ab"
46
+ # sha2 << "c" # alias for #update
47
+ # sha2.hexdigest # => "ba7816bf8..."
48
+ #
49
+ # # Use the same object to compute another digest
50
+ # sha2.reset
51
+ # sha2 << "message"
52
+ # sha2.hexdigest # => "ab530a13e..."
53
+ #
54
+ class SHA2 < Digest::Class
55
+ # call-seq:
56
+ # Digest::SHA2.new(bitlen = 256) -> digest_obj
57
+ #
58
+ # Create a new SHA2 hash object with a given bit length.
59
+ #
60
+ # Valid bit lengths are 256, 384 and 512.
61
+ def initialize(bitlen = 256)
62
+ case bitlen
63
+ when 256
64
+ @sha2 = Digest::SHA256.new
65
+ when 384
66
+ @sha2 = Digest::SHA384.new
67
+ when 512
68
+ @sha2 = Digest::SHA512.new
69
+ else
70
+ raise ArgumentError, "unsupported bit length: %s" % bitlen.inspect
71
+ end
72
+ @bitlen = bitlen
73
+ end
74
+
75
+ # call-seq:
76
+ # digest_obj.reset -> digest_obj
77
+ #
78
+ # Reset the digest to the initial state and return self.
79
+ def reset
80
+ @sha2.reset
81
+ self
82
+ end
83
+
84
+ # call-seq:
85
+ # digest_obj.update(string) -> digest_obj
86
+ # digest_obj << string -> digest_obj
87
+ #
88
+ # Update the digest using a given _string_ and return self.
89
+ def update(str)
90
+ @sha2.update(str)
91
+ self
92
+ end
93
+ alias << update
94
+
95
+ def finish # :nodoc:
96
+ @sha2.digest!
97
+ end
98
+ private :finish
99
+
100
+
101
+ # call-seq:
102
+ # digest_obj.block_length -> Integer
103
+ #
104
+ # Return the block length of the digest in bytes.
105
+ #
106
+ # Digest::SHA256.new.block_length * 8
107
+ # # => 512
108
+ # Digest::SHA384.new.block_length * 8
109
+ # # => 1024
110
+ # Digest::SHA512.new.block_length * 8
111
+ # # => 1024
112
+ def block_length
113
+ @sha2.block_length
114
+ end
115
+
116
+ # call-seq:
117
+ # digest_obj.digest_length -> Integer
118
+ #
119
+ # Return the length of the hash value (the digest) in bytes.
120
+ #
121
+ # Digest::SHA256.new.digest_length * 8
122
+ # # => 256
123
+ # Digest::SHA384.new.digest_length * 8
124
+ # # => 384
125
+ # Digest::SHA512.new.digest_length * 8
126
+ # # => 512
127
+ #
128
+ # For example, digests produced by Digest::SHA256 will always be 32 bytes
129
+ # (256 bits) in size.
130
+ def digest_length
131
+ @sha2.digest_length
132
+ end
133
+
134
+ def initialize_copy(other) # :nodoc:
135
+ @sha2 = other.instance_eval { @sha2.clone }
136
+ end
137
+
138
+ def inspect # :nodoc:
139
+ "#<%s:%d %s>" % [self.class.name, @bitlen, hexdigest]
140
+ end
141
+ end
142
+ end
@@ -0,0 +1,1081 @@
1
+ /*
2
+ * FILE: sha2.c
3
+ * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
4
+ *
5
+ * Copyright (c) 2000-2001, Aaron D. Gifford
6
+ * All rights reserved.
7
+ *
8
+ * Redistribution and use in source and binary forms, with or without
9
+ * modification, are permitted provided that the following conditions
10
+ * are met:
11
+ * 1. Redistributions of source code must retain the above copyright
12
+ * notice, this list of conditions and the following disclaimer.
13
+ * 2. Redistributions in binary form must reproduce the above copyright
14
+ * notice, this list of conditions and the following disclaimer in the
15
+ * documentation and/or other materials provided with the distribution.
16
+ * 3. Neither the name of the copyright holder nor the names of contributors
17
+ * may be used to endorse or promote products derived from this software
18
+ * without specific prior written permission.
19
+ *
20
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
21
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
24
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30
+ * SUCH DAMAGE.
31
+ *
32
+ * $OrigId: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
33
+ * $RoughId: sha2.c,v 1.3 2002/02/26 22:03:36 knu Exp $
34
+ * $Id$
35
+ */
36
+
37
+ #include "../defs.h"
38
+ #include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
39
+ #include <assert.h> /* assert() */
40
+ #include "sha2.h"
41
+
42
+ /*
43
+ * ASSERT NOTE:
44
+ * Some sanity checking code is included using assert(). On my FreeBSD
45
+ * system, this additional code can be removed by compiling with NDEBUG
46
+ * defined. Check your own systems manpage on assert() to see how to
47
+ * compile WITHOUT the sanity checking code on your system.
48
+ *
49
+ * UNROLLED TRANSFORM LOOP NOTE:
50
+ * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
51
+ * loop version for the hash transform rounds (defined using macros
52
+ * later in this file). Either define on the command line, for example:
53
+ *
54
+ * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
55
+ *
56
+ * or define below:
57
+ *
58
+ * #define SHA2_UNROLL_TRANSFORM
59
+ *
60
+ */
61
+
62
+
63
+ /*** SHA-256/384/512 Machine Architecture Definitions *****************/
64
+ /*
65
+ * BYTE_ORDER NOTE:
66
+ *
67
+ * Please make sure that your system defines BYTE_ORDER. If your
68
+ * architecture is little-endian, make sure it also defines
69
+ * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
70
+ * equivalent.
71
+ *
72
+ * If your system does not define the above, then you can do so by
73
+ * hand like this:
74
+ *
75
+ * #define LITTLE_ENDIAN 1234
76
+ * #define BIG_ENDIAN 4321
77
+ *
78
+ * And for little-endian machines, add:
79
+ *
80
+ * #define BYTE_ORDER LITTLE_ENDIAN
81
+ *
82
+ * Or for big-endian machines:
83
+ *
84
+ * #define BYTE_ORDER BIG_ENDIAN
85
+ *
86
+ * The FreeBSD machine this was written on defines BYTE_ORDER
87
+ * appropriately by including <sys/types.h> (which in turn includes
88
+ * <machine/endian.h> where the appropriate definitions are actually
89
+ * made).
90
+ */
91
+ #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
92
+ #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
93
+ #endif
94
+
95
+ /*
96
+ * Define the followingsha2_* types to types of the correct length on
97
+ * the native archtecture. Most BSD systems and Linux define u_intXX_t
98
+ * types. Machines with very recent ANSI C headers, can use the
99
+ * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
100
+ * during compile or in the sha.h header file.
101
+ *
102
+ * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
103
+ * will need to define these three typedefs below (and the appropriate
104
+ * ones in sha.h too) by hand according to their system architecture.
105
+ *
106
+ * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
107
+ * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
108
+ */
109
+ #ifdef SHA2_USE_INTTYPES_H
110
+
111
+ typedef uint8_t sha2_byte; /* Exactly 1 byte */
112
+ typedef uint32_t sha2_word32; /* Exactly 4 bytes */
113
+ typedef uint64_t sha2_word64; /* Exactly 8 bytes */
114
+
115
+ #else /* SHA2_USE_INTTYPES_H */
116
+
117
+ typedef u_int8_t sha2_byte; /* Exactly 1 byte */
118
+ typedef u_int32_t sha2_word32; /* Exactly 4 bytes */
119
+ typedef u_int64_t sha2_word64; /* Exactly 8 bytes */
120
+
121
+ #endif /* SHA2_USE_INTTYPES_H */
122
+
123
+
124
+ /*** SHA-256/384/512 Various Length Definitions ***********************/
125
+ /* NOTE: Most of these are in sha2.h */
126
+ #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
127
+ #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
128
+ #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
129
+
130
+
131
+ #if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || defined(__GNUC__) || defined(_HPUX_SOURCE) || defined(__IBMC__)
132
+ #define ULL(number) number##ULL
133
+ #else
134
+ #define ULL(number) (uint64_t)(number)
135
+ #endif
136
+ /*** ENDIAN REVERSAL MACROS *******************************************/
137
+ #if BYTE_ORDER == LITTLE_ENDIAN
138
+ #define REVERSE32(w,x) { \
139
+ sha2_word32 tmp = (w); \
140
+ tmp = (tmp >> 16) | (tmp << 16); \
141
+ (x) = ((tmp & (sha2_word32)0xff00ff00UL) >> 8) | ((tmp & (sha2_word32)0x00ff00ffUL) << 8); \
142
+ }
143
+ #define REVERSE64(w,x) { \
144
+ sha2_word64 tmp = (w); \
145
+ tmp = (tmp >> 32) | (tmp << 32); \
146
+ tmp = ((tmp & ULL(0xff00ff00ff00ff00)) >> 8) | \
147
+ ((tmp & ULL(0x00ff00ff00ff00ff)) << 8); \
148
+ (x) = ((tmp & ULL(0xffff0000ffff0000)) >> 16) | \
149
+ ((tmp & ULL(0x0000ffff0000ffff)) << 16); \
150
+ }
151
+ #endif /* BYTE_ORDER == LITTLE_ENDIAN */
152
+
153
+ /*
154
+ * Macro for incrementally adding the unsigned 64-bit integer n to the
155
+ * unsigned 128-bit integer (represented using a two-element array of
156
+ * 64-bit words):
157
+ */
158
+ #define ADDINC128(w,n) { \
159
+ (w)[0] += (sha2_word64)(n); \
160
+ if ((w)[0] < (n)) { \
161
+ (w)[1]++; \
162
+ } \
163
+ }
164
+
165
+ /*
166
+ * Macros for copying blocks of memory and for zeroing out ranges
167
+ * of memory. Using these macros makes it easy to switch from
168
+ * using memset()/memcpy() and using bzero()/bcopy().
169
+ *
170
+ * Please define either SHA2_USE_MEMSET_MEMCPY or define
171
+ * SHA2_USE_BZERO_BCOPY depending on which function set you
172
+ * choose to use:
173
+ */
174
+ #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
175
+ /* Default to memset()/memcpy() if no option is specified */
176
+ #define SHA2_USE_MEMSET_MEMCPY 1
177
+ #endif
178
+ #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
179
+ /* Abort with an error if BOTH options are defined */
180
+ #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
181
+ #endif
182
+
183
+ #ifdef SHA2_USE_MEMSET_MEMCPY
184
+ #define MEMSET_BZERO(p,l) memset((p), 0, (l))
185
+ #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
186
+ #endif
187
+ #ifdef SHA2_USE_BZERO_BCOPY
188
+ #define MEMSET_BZERO(p,l) bzero((p), (l))
189
+ #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
190
+ #endif
191
+
192
+
193
+ /*** THE SIX LOGICAL FUNCTIONS ****************************************/
194
+ /*
195
+ * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
196
+ *
197
+ * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
198
+ * S is a ROTATION) because the SHA-256/384/512 description document
199
+ * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
200
+ * same "backwards" definition.
201
+ */
202
+ /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
203
+ #define R(b,x) ((x) >> (b))
204
+ /* 32-bit Rotate-right (used in SHA-256): */
205
+ #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
206
+ /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
207
+ #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
208
+
209
+ /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
210
+ #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
211
+ #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
212
+
213
+ /* Four of six logical functions used in SHA-256: */
214
+ #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
215
+ #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
216
+ #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
217
+ #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
218
+
219
+ /* Four of six logical functions used in SHA-384 and SHA-512: */
220
+ #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
221
+ #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
222
+ #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
223
+ #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
224
+
225
+ /*** INTERNAL FUNCTION PROTOTYPES *************************************/
226
+ /* NOTE: These should not be accessed directly from outside this
227
+ * library -- they are intended for private internal visibility/use
228
+ * only.
229
+ */
230
+ void SHA512_Last(SHA512_CTX*);
231
+ void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
232
+ void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
233
+
234
+
235
+ /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
236
+ /* Hash constant words K for SHA-256: */
237
+ static const sha2_word32 K256[64] = {
238
+ 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
239
+ 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
240
+ 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
241
+ 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
242
+ 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
243
+ 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
244
+ 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
245
+ 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
246
+ 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
247
+ 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
248
+ 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
249
+ 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
250
+ 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
251
+ 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
252
+ 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
253
+ 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
254
+ };
255
+
256
+ /* Initial hash value H for SHA-256: */
257
+ static const sha2_word32 sha256_initial_hash_value[8] = {
258
+ 0x6a09e667UL,
259
+ 0xbb67ae85UL,
260
+ 0x3c6ef372UL,
261
+ 0xa54ff53aUL,
262
+ 0x510e527fUL,
263
+ 0x9b05688cUL,
264
+ 0x1f83d9abUL,
265
+ 0x5be0cd19UL
266
+ };
267
+
268
+ /* Hash constant words K for SHA-384 and SHA-512: */
269
+ static const sha2_word64 K512[80] = {
270
+ ULL(0x428a2f98d728ae22), ULL(0x7137449123ef65cd),
271
+ ULL(0xb5c0fbcfec4d3b2f), ULL(0xe9b5dba58189dbbc),
272
+ ULL(0x3956c25bf348b538), ULL(0x59f111f1b605d019),
273
+ ULL(0x923f82a4af194f9b), ULL(0xab1c5ed5da6d8118),
274
+ ULL(0xd807aa98a3030242), ULL(0x12835b0145706fbe),
275
+ ULL(0x243185be4ee4b28c), ULL(0x550c7dc3d5ffb4e2),
276
+ ULL(0x72be5d74f27b896f), ULL(0x80deb1fe3b1696b1),
277
+ ULL(0x9bdc06a725c71235), ULL(0xc19bf174cf692694),
278
+ ULL(0xe49b69c19ef14ad2), ULL(0xefbe4786384f25e3),
279
+ ULL(0x0fc19dc68b8cd5b5), ULL(0x240ca1cc77ac9c65),
280
+ ULL(0x2de92c6f592b0275), ULL(0x4a7484aa6ea6e483),
281
+ ULL(0x5cb0a9dcbd41fbd4), ULL(0x76f988da831153b5),
282
+ ULL(0x983e5152ee66dfab), ULL(0xa831c66d2db43210),
283
+ ULL(0xb00327c898fb213f), ULL(0xbf597fc7beef0ee4),
284
+ ULL(0xc6e00bf33da88fc2), ULL(0xd5a79147930aa725),
285
+ ULL(0x06ca6351e003826f), ULL(0x142929670a0e6e70),
286
+ ULL(0x27b70a8546d22ffc), ULL(0x2e1b21385c26c926),
287
+ ULL(0x4d2c6dfc5ac42aed), ULL(0x53380d139d95b3df),
288
+ ULL(0x650a73548baf63de), ULL(0x766a0abb3c77b2a8),
289
+ ULL(0x81c2c92e47edaee6), ULL(0x92722c851482353b),
290
+ ULL(0xa2bfe8a14cf10364), ULL(0xa81a664bbc423001),
291
+ ULL(0xc24b8b70d0f89791), ULL(0xc76c51a30654be30),
292
+ ULL(0xd192e819d6ef5218), ULL(0xd69906245565a910),
293
+ ULL(0xf40e35855771202a), ULL(0x106aa07032bbd1b8),
294
+ ULL(0x19a4c116b8d2d0c8), ULL(0x1e376c085141ab53),
295
+ ULL(0x2748774cdf8eeb99), ULL(0x34b0bcb5e19b48a8),
296
+ ULL(0x391c0cb3c5c95a63), ULL(0x4ed8aa4ae3418acb),
297
+ ULL(0x5b9cca4f7763e373), ULL(0x682e6ff3d6b2b8a3),
298
+ ULL(0x748f82ee5defb2fc), ULL(0x78a5636f43172f60),
299
+ ULL(0x84c87814a1f0ab72), ULL(0x8cc702081a6439ec),
300
+ ULL(0x90befffa23631e28), ULL(0xa4506cebde82bde9),
301
+ ULL(0xbef9a3f7b2c67915), ULL(0xc67178f2e372532b),
302
+ ULL(0xca273eceea26619c), ULL(0xd186b8c721c0c207),
303
+ ULL(0xeada7dd6cde0eb1e), ULL(0xf57d4f7fee6ed178),
304
+ ULL(0x06f067aa72176fba), ULL(0x0a637dc5a2c898a6),
305
+ ULL(0x113f9804bef90dae), ULL(0x1b710b35131c471b),
306
+ ULL(0x28db77f523047d84), ULL(0x32caab7b40c72493),
307
+ ULL(0x3c9ebe0a15c9bebc), ULL(0x431d67c49c100d4c),
308
+ ULL(0x4cc5d4becb3e42b6), ULL(0x597f299cfc657e2a),
309
+ ULL(0x5fcb6fab3ad6faec), ULL(0x6c44198c4a475817)
310
+ };
311
+
312
+ /* Initial hash value H for SHA-384 */
313
+ static const sha2_word64 sha384_initial_hash_value[8] = {
314
+ ULL(0xcbbb9d5dc1059ed8),
315
+ ULL(0x629a292a367cd507),
316
+ ULL(0x9159015a3070dd17),
317
+ ULL(0x152fecd8f70e5939),
318
+ ULL(0x67332667ffc00b31),
319
+ ULL(0x8eb44a8768581511),
320
+ ULL(0xdb0c2e0d64f98fa7),
321
+ ULL(0x47b5481dbefa4fa4)
322
+ };
323
+
324
+ /* Initial hash value H for SHA-512 */
325
+ static const sha2_word64 sha512_initial_hash_value[8] = {
326
+ ULL(0x6a09e667f3bcc908),
327
+ ULL(0xbb67ae8584caa73b),
328
+ ULL(0x3c6ef372fe94f82b),
329
+ ULL(0xa54ff53a5f1d36f1),
330
+ ULL(0x510e527fade682d1),
331
+ ULL(0x9b05688c2b3e6c1f),
332
+ ULL(0x1f83d9abfb41bd6b),
333
+ ULL(0x5be0cd19137e2179)
334
+ };
335
+
336
+ /*
337
+ * Constant used by SHA256/384/512_End() functions for converting the
338
+ * digest to a readable hexadecimal character string:
339
+ */
340
+ static const char *sha2_hex_digits = "0123456789abcdef";
341
+
342
+
343
+ /*** SHA-256: *********************************************************/
344
+ int SHA256_Init(SHA256_CTX* context) {
345
+ if (context == (SHA256_CTX*)0) {
346
+ return 0;
347
+ }
348
+ MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
349
+ MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
350
+ context->bitcount = 0;
351
+ return 1;
352
+ }
353
+
354
+ #ifdef SHA2_UNROLL_TRANSFORM
355
+
356
+ /* Unrolled SHA-256 round macros: */
357
+
358
+ #if BYTE_ORDER == LITTLE_ENDIAN
359
+
360
+ #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
361
+ REVERSE32(*data++, W256[j]); \
362
+ T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
363
+ K256[j] + W256[j]; \
364
+ (d) += T1; \
365
+ (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
366
+ j++
367
+
368
+
369
+ #else /* BYTE_ORDER == LITTLE_ENDIAN */
370
+
371
+ #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
372
+ T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
373
+ K256[j] + (W256[j] = *data++); \
374
+ (d) += T1; \
375
+ (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
376
+ j++
377
+
378
+ #endif /* BYTE_ORDER == LITTLE_ENDIAN */
379
+
380
+ #define ROUND256(a,b,c,d,e,f,g,h) \
381
+ s0 = W256[(j+1)&0x0f]; \
382
+ s0 = sigma0_256(s0); \
383
+ s1 = W256[(j+14)&0x0f]; \
384
+ s1 = sigma1_256(s1); \
385
+ T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
386
+ (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
387
+ (d) += T1; \
388
+ (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
389
+ j++
390
+
391
+ void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
392
+ sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
393
+ sha2_word32 T1, *W256;
394
+ int j;
395
+
396
+ W256 = (sha2_word32*)context->buffer;
397
+
398
+ /* Initialize registers with the prev. intermediate value */
399
+ a = context->state[0];
400
+ b = context->state[1];
401
+ c = context->state[2];
402
+ d = context->state[3];
403
+ e = context->state[4];
404
+ f = context->state[5];
405
+ g = context->state[6];
406
+ h = context->state[7];
407
+
408
+ j = 0;
409
+ do {
410
+ /* Rounds 0 to 15 (unrolled): */
411
+ ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
412
+ ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
413
+ ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
414
+ ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
415
+ ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
416
+ ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
417
+ ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
418
+ ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
419
+ } while (j < 16);
420
+
421
+ /* Now for the remaining rounds to 64: */
422
+ do {
423
+ ROUND256(a,b,c,d,e,f,g,h);
424
+ ROUND256(h,a,b,c,d,e,f,g);
425
+ ROUND256(g,h,a,b,c,d,e,f);
426
+ ROUND256(f,g,h,a,b,c,d,e);
427
+ ROUND256(e,f,g,h,a,b,c,d);
428
+ ROUND256(d,e,f,g,h,a,b,c);
429
+ ROUND256(c,d,e,f,g,h,a,b);
430
+ ROUND256(b,c,d,e,f,g,h,a);
431
+ } while (j < 64);
432
+
433
+ /* Compute the current intermediate hash value */
434
+ context->state[0] += a;
435
+ context->state[1] += b;
436
+ context->state[2] += c;
437
+ context->state[3] += d;
438
+ context->state[4] += e;
439
+ context->state[5] += f;
440
+ context->state[6] += g;
441
+ context->state[7] += h;
442
+
443
+ /* Clean up */
444
+ a = b = c = d = e = f = g = h = T1 = 0;
445
+ }
446
+
447
+ #else /* SHA2_UNROLL_TRANSFORM */
448
+
449
+ void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
450
+ sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
451
+ sha2_word32 T1, T2, *W256;
452
+ int j;
453
+
454
+ W256 = (sha2_word32*)context->buffer;
455
+
456
+ /* Initialize registers with the prev. intermediate value */
457
+ a = context->state[0];
458
+ b = context->state[1];
459
+ c = context->state[2];
460
+ d = context->state[3];
461
+ e = context->state[4];
462
+ f = context->state[5];
463
+ g = context->state[6];
464
+ h = context->state[7];
465
+
466
+ j = 0;
467
+ do {
468
+ #if BYTE_ORDER == LITTLE_ENDIAN
469
+ /* Copy data while converting to host byte order */
470
+ REVERSE32(*data++,W256[j]);
471
+ /* Apply the SHA-256 compression function to update a..h */
472
+ T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
473
+ #else /* BYTE_ORDER == LITTLE_ENDIAN */
474
+ /* Apply the SHA-256 compression function to update a..h with copy */
475
+ T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
476
+ #endif /* BYTE_ORDER == LITTLE_ENDIAN */
477
+ T2 = Sigma0_256(a) + Maj(a, b, c);
478
+ h = g;
479
+ g = f;
480
+ f = e;
481
+ e = d + T1;
482
+ d = c;
483
+ c = b;
484
+ b = a;
485
+ a = T1 + T2;
486
+
487
+ j++;
488
+ } while (j < 16);
489
+
490
+ do {
491
+ /* Part of the message block expansion: */
492
+ s0 = W256[(j+1)&0x0f];
493
+ s0 = sigma0_256(s0);
494
+ s1 = W256[(j+14)&0x0f];
495
+ s1 = sigma1_256(s1);
496
+
497
+ /* Apply the SHA-256 compression function to update a..h */
498
+ T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
499
+ (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
500
+ T2 = Sigma0_256(a) + Maj(a, b, c);
501
+ h = g;
502
+ g = f;
503
+ f = e;
504
+ e = d + T1;
505
+ d = c;
506
+ c = b;
507
+ b = a;
508
+ a = T1 + T2;
509
+
510
+ j++;
511
+ } while (j < 64);
512
+
513
+ /* Compute the current intermediate hash value */
514
+ context->state[0] += a;
515
+ context->state[1] += b;
516
+ context->state[2] += c;
517
+ context->state[3] += d;
518
+ context->state[4] += e;
519
+ context->state[5] += f;
520
+ context->state[6] += g;
521
+ context->state[7] += h;
522
+
523
+ /* Clean up */
524
+ a = b = c = d = e = f = g = h = T1 = T2 = 0;
525
+ }
526
+
527
+ #endif /* SHA2_UNROLL_TRANSFORM */
528
+
529
+ void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
530
+ unsigned int freespace, usedspace;
531
+
532
+ if (len == 0) {
533
+ /* Calling with no data is valid - we do nothing */
534
+ return;
535
+ }
536
+
537
+ /* Sanity check: */
538
+ assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0);
539
+
540
+ usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
541
+ if (usedspace > 0) {
542
+ /* Calculate how much free space is available in the buffer */
543
+ freespace = SHA256_BLOCK_LENGTH - usedspace;
544
+
545
+ if (len >= freespace) {
546
+ /* Fill the buffer completely and process it */
547
+ MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
548
+ context->bitcount += freespace << 3;
549
+ len -= freespace;
550
+ data += freespace;
551
+ SHA256_Transform(context, (sha2_word32*)context->buffer);
552
+ } else {
553
+ /* The buffer is not yet full */
554
+ MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
555
+ context->bitcount += len << 3;
556
+ /* Clean up: */
557
+ usedspace = freespace = 0;
558
+ return;
559
+ }
560
+ }
561
+ while (len >= SHA256_BLOCK_LENGTH) {
562
+ /* Process as many complete blocks as we can */
563
+ MEMCPY_BCOPY(context->buffer, data, SHA256_BLOCK_LENGTH);
564
+ SHA256_Transform(context, (sha2_word32*)context->buffer);
565
+ context->bitcount += SHA256_BLOCK_LENGTH << 3;
566
+ len -= SHA256_BLOCK_LENGTH;
567
+ data += SHA256_BLOCK_LENGTH;
568
+ }
569
+ if (len > 0) {
570
+ /* There's left-overs, so save 'em */
571
+ MEMCPY_BCOPY(context->buffer, data, len);
572
+ context->bitcount += len << 3;
573
+ }
574
+ /* Clean up: */
575
+ usedspace = freespace = 0;
576
+ }
577
+
578
+ int SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
579
+ sha2_word32 *d = (sha2_word32*)digest;
580
+ unsigned int usedspace;
581
+
582
+ /* Sanity check: */
583
+ assert(context != (SHA256_CTX*)0);
584
+
585
+ /* If no digest buffer is passed, we don't bother doing this: */
586
+ if (digest != (sha2_byte*)0) {
587
+ usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
588
+ #if BYTE_ORDER == LITTLE_ENDIAN
589
+ /* Convert FROM host byte order */
590
+ REVERSE64(context->bitcount,context->bitcount);
591
+ #endif
592
+ if (usedspace > 0) {
593
+ /* Begin padding with a 1 bit: */
594
+ context->buffer[usedspace++] = 0x80;
595
+
596
+ if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
597
+ /* Set-up for the last transform: */
598
+ MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
599
+ } else {
600
+ if (usedspace < SHA256_BLOCK_LENGTH) {
601
+ MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
602
+ }
603
+ /* Do second-to-last transform: */
604
+ SHA256_Transform(context, (sha2_word32*)context->buffer);
605
+
606
+ /* And set-up for the last transform: */
607
+ MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
608
+ }
609
+ } else {
610
+ /* Set-up for the last transform: */
611
+ MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
612
+
613
+ /* Begin padding with a 1 bit: */
614
+ *context->buffer = 0x80;
615
+ }
616
+ /* Set the bit count: */
617
+ MEMCPY_BCOPY(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], &context->bitcount,
618
+ sizeof(sha2_word64));
619
+
620
+ /* Final transform: */
621
+ SHA256_Transform(context, (sha2_word32*)context->buffer);
622
+
623
+ #if BYTE_ORDER == LITTLE_ENDIAN
624
+ {
625
+ /* Convert TO host byte order */
626
+ int j;
627
+ for (j = 0; j < 8; j++) {
628
+ REVERSE32(context->state[j],context->state[j]);
629
+ *d++ = context->state[j];
630
+ }
631
+ }
632
+ #else
633
+ MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH);
634
+ #endif
635
+ }
636
+
637
+ /* Clean up state data: */
638
+ MEMSET_BZERO(context, sizeof(*context));
639
+ usedspace = 0;
640
+ return 1;
641
+ }
642
+
643
+ char *SHA256_End(SHA256_CTX* context, char buffer[]) {
644
+ sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest;
645
+ int i;
646
+
647
+ /* Sanity check: */
648
+ assert(context != (SHA256_CTX*)0);
649
+
650
+ if (buffer != (char*)0) {
651
+ SHA256_Final(digest, context);
652
+ for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
653
+ *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
654
+ *buffer++ = sha2_hex_digits[*d & 0x0f];
655
+ d++;
656
+ }
657
+ *buffer = (char)0;
658
+ } else {
659
+ MEMSET_BZERO(context, sizeof(*context));
660
+ }
661
+ MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH);
662
+ return buffer;
663
+ }
664
+
665
+ char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
666
+ SHA256_CTX context;
667
+
668
+ SHA256_Init(&context);
669
+ SHA256_Update(&context, data, len);
670
+ return SHA256_End(&context, digest);
671
+ }
672
+
673
+
674
+ /*** SHA-512: *********************************************************/
675
+ int SHA512_Init(SHA512_CTX* context) {
676
+ if (context == (SHA512_CTX*)0) {
677
+ return 0;
678
+ }
679
+ MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
680
+ MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
681
+ context->bitcount[0] = context->bitcount[1] = 0;
682
+ return 1;
683
+ }
684
+
685
+ #ifdef SHA2_UNROLL_TRANSFORM
686
+
687
+ /* Unrolled SHA-512 round macros: */
688
+ #if BYTE_ORDER == LITTLE_ENDIAN
689
+
690
+ #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
691
+ REVERSE64(*data++, W512[j]); \
692
+ T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
693
+ K512[j] + W512[j]; \
694
+ (d) += T1, \
695
+ (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
696
+ j++
697
+
698
+
699
+ #else /* BYTE_ORDER == LITTLE_ENDIAN */
700
+
701
+ #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
702
+ T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
703
+ K512[j] + (W512[j] = *data++); \
704
+ (d) += T1; \
705
+ (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
706
+ j++
707
+
708
+ #endif /* BYTE_ORDER == LITTLE_ENDIAN */
709
+
710
+ #define ROUND512(a,b,c,d,e,f,g,h) \
711
+ s0 = W512[(j+1)&0x0f]; \
712
+ s0 = sigma0_512(s0); \
713
+ s1 = W512[(j+14)&0x0f]; \
714
+ s1 = sigma1_512(s1); \
715
+ T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
716
+ (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
717
+ (d) += T1; \
718
+ (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
719
+ j++
720
+
721
+ void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
722
+ sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
723
+ sha2_word64 T1, *W512 = (sha2_word64*)context->buffer;
724
+ int j;
725
+
726
+ /* Initialize registers with the prev. intermediate value */
727
+ a = context->state[0];
728
+ b = context->state[1];
729
+ c = context->state[2];
730
+ d = context->state[3];
731
+ e = context->state[4];
732
+ f = context->state[5];
733
+ g = context->state[6];
734
+ h = context->state[7];
735
+
736
+ j = 0;
737
+ do {
738
+ ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
739
+ ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
740
+ ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
741
+ ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
742
+ ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
743
+ ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
744
+ ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
745
+ ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
746
+ } while (j < 16);
747
+
748
+ /* Now for the remaining rounds up to 79: */
749
+ do {
750
+ ROUND512(a,b,c,d,e,f,g,h);
751
+ ROUND512(h,a,b,c,d,e,f,g);
752
+ ROUND512(g,h,a,b,c,d,e,f);
753
+ ROUND512(f,g,h,a,b,c,d,e);
754
+ ROUND512(e,f,g,h,a,b,c,d);
755
+ ROUND512(d,e,f,g,h,a,b,c);
756
+ ROUND512(c,d,e,f,g,h,a,b);
757
+ ROUND512(b,c,d,e,f,g,h,a);
758
+ } while (j < 80);
759
+
760
+ /* Compute the current intermediate hash value */
761
+ context->state[0] += a;
762
+ context->state[1] += b;
763
+ context->state[2] += c;
764
+ context->state[3] += d;
765
+ context->state[4] += e;
766
+ context->state[5] += f;
767
+ context->state[6] += g;
768
+ context->state[7] += h;
769
+
770
+ /* Clean up */
771
+ a = b = c = d = e = f = g = h = T1 = 0;
772
+ }
773
+
774
+ #else /* SHA2_UNROLL_TRANSFORM */
775
+
776
+ void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
777
+ sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
778
+ sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
779
+ int j;
780
+
781
+ /* Initialize registers with the prev. intermediate value */
782
+ a = context->state[0];
783
+ b = context->state[1];
784
+ c = context->state[2];
785
+ d = context->state[3];
786
+ e = context->state[4];
787
+ f = context->state[5];
788
+ g = context->state[6];
789
+ h = context->state[7];
790
+
791
+ j = 0;
792
+ do {
793
+ #if BYTE_ORDER == LITTLE_ENDIAN
794
+ /* Convert TO host byte order */
795
+ REVERSE64(*data++, W512[j]);
796
+ /* Apply the SHA-512 compression function to update a..h */
797
+ T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
798
+ #else /* BYTE_ORDER == LITTLE_ENDIAN */
799
+ /* Apply the SHA-512 compression function to update a..h with copy */
800
+ T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
801
+ #endif /* BYTE_ORDER == LITTLE_ENDIAN */
802
+ T2 = Sigma0_512(a) + Maj(a, b, c);
803
+ h = g;
804
+ g = f;
805
+ f = e;
806
+ e = d + T1;
807
+ d = c;
808
+ c = b;
809
+ b = a;
810
+ a = T1 + T2;
811
+
812
+ j++;
813
+ } while (j < 16);
814
+
815
+ do {
816
+ /* Part of the message block expansion: */
817
+ s0 = W512[(j+1)&0x0f];
818
+ s0 = sigma0_512(s0);
819
+ s1 = W512[(j+14)&0x0f];
820
+ s1 = sigma1_512(s1);
821
+
822
+ /* Apply the SHA-512 compression function to update a..h */
823
+ T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
824
+ (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
825
+ T2 = Sigma0_512(a) + Maj(a, b, c);
826
+ h = g;
827
+ g = f;
828
+ f = e;
829
+ e = d + T1;
830
+ d = c;
831
+ c = b;
832
+ b = a;
833
+ a = T1 + T2;
834
+
835
+ j++;
836
+ } while (j < 80);
837
+
838
+ /* Compute the current intermediate hash value */
839
+ context->state[0] += a;
840
+ context->state[1] += b;
841
+ context->state[2] += c;
842
+ context->state[3] += d;
843
+ context->state[4] += e;
844
+ context->state[5] += f;
845
+ context->state[6] += g;
846
+ context->state[7] += h;
847
+
848
+ /* Clean up */
849
+ a = b = c = d = e = f = g = h = T1 = T2 = 0;
850
+ }
851
+
852
+ #endif /* SHA2_UNROLL_TRANSFORM */
853
+
854
+ void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
855
+ unsigned int freespace, usedspace;
856
+
857
+ if (len == 0) {
858
+ /* Calling with no data is valid - we do nothing */
859
+ return;
860
+ }
861
+
862
+ /* Sanity check: */
863
+ assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
864
+
865
+ usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
866
+ if (usedspace > 0) {
867
+ /* Calculate how much free space is available in the buffer */
868
+ freespace = SHA512_BLOCK_LENGTH - usedspace;
869
+
870
+ if (len >= freespace) {
871
+ /* Fill the buffer completely and process it */
872
+ MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
873
+ ADDINC128(context->bitcount, freespace << 3);
874
+ len -= freespace;
875
+ data += freespace;
876
+ SHA512_Transform(context, (sha2_word64*)context->buffer);
877
+ } else {
878
+ /* The buffer is not yet full */
879
+ MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
880
+ ADDINC128(context->bitcount, len << 3);
881
+ /* Clean up: */
882
+ usedspace = freespace = 0;
883
+ return;
884
+ }
885
+ }
886
+ while (len >= SHA512_BLOCK_LENGTH) {
887
+ /* Process as many complete blocks as we can */
888
+ MEMCPY_BCOPY(context->buffer, data, SHA512_BLOCK_LENGTH);
889
+ SHA512_Transform(context, (sha2_word64*)context->buffer);
890
+ ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
891
+ len -= SHA512_BLOCK_LENGTH;
892
+ data += SHA512_BLOCK_LENGTH;
893
+ }
894
+ if (len > 0) {
895
+ /* There's left-overs, so save 'em */
896
+ MEMCPY_BCOPY(context->buffer, data, len);
897
+ ADDINC128(context->bitcount, len << 3);
898
+ }
899
+ /* Clean up: */
900
+ usedspace = freespace = 0;
901
+ }
902
+
903
+ void SHA512_Last(SHA512_CTX* context) {
904
+ unsigned int usedspace;
905
+
906
+ usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
907
+ #if BYTE_ORDER == LITTLE_ENDIAN
908
+ /* Convert FROM host byte order */
909
+ REVERSE64(context->bitcount[0],context->bitcount[0]);
910
+ REVERSE64(context->bitcount[1],context->bitcount[1]);
911
+ #endif
912
+ if (usedspace > 0) {
913
+ /* Begin padding with a 1 bit: */
914
+ context->buffer[usedspace++] = 0x80;
915
+
916
+ if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
917
+ /* Set-up for the last transform: */
918
+ MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
919
+ } else {
920
+ if (usedspace < SHA512_BLOCK_LENGTH) {
921
+ MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
922
+ }
923
+ /* Do second-to-last transform: */
924
+ SHA512_Transform(context, (sha2_word64*)context->buffer);
925
+
926
+ /* And set-up for the last transform: */
927
+ MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
928
+ }
929
+ } else {
930
+ /* Prepare for final transform: */
931
+ MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
932
+
933
+ /* Begin padding with a 1 bit: */
934
+ *context->buffer = 0x80;
935
+ }
936
+ /* Store the length of input data (in bits): */
937
+ MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH], &context->bitcount[1],
938
+ sizeof(sha2_word64));
939
+ MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8], &context->bitcount[0],
940
+ sizeof(sha2_word64));
941
+
942
+ /* Final transform: */
943
+ SHA512_Transform(context, (sha2_word64*)context->buffer);
944
+ }
945
+
946
+ int SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
947
+ sha2_word64 *d = (sha2_word64*)digest;
948
+
949
+ /* Sanity check: */
950
+ assert(context != (SHA512_CTX*)0);
951
+
952
+ /* If no digest buffer is passed, we don't bother doing this: */
953
+ if (digest != (sha2_byte*)0) {
954
+ SHA512_Last(context);
955
+
956
+ /* Save the hash data for output: */
957
+ #if BYTE_ORDER == LITTLE_ENDIAN
958
+ {
959
+ /* Convert TO host byte order */
960
+ int j;
961
+ for (j = 0; j < 8; j++) {
962
+ REVERSE64(context->state[j],context->state[j]);
963
+ *d++ = context->state[j];
964
+ }
965
+ }
966
+ #else
967
+ MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
968
+ #endif
969
+ }
970
+
971
+ /* Zero out state data */
972
+ MEMSET_BZERO(context, sizeof(*context));
973
+ return 1;
974
+ }
975
+
976
+ char *SHA512_End(SHA512_CTX* context, char buffer[]) {
977
+ sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest;
978
+ int i;
979
+
980
+ /* Sanity check: */
981
+ assert(context != (SHA512_CTX*)0);
982
+
983
+ if (buffer != (char*)0) {
984
+ SHA512_Final(digest, context);
985
+ for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
986
+ *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
987
+ *buffer++ = sha2_hex_digits[*d & 0x0f];
988
+ d++;
989
+ }
990
+ *buffer = (char)0;
991
+ } else {
992
+ MEMSET_BZERO(context, sizeof(*context));
993
+ }
994
+ MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH);
995
+ return buffer;
996
+ }
997
+
998
+ char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
999
+ SHA512_CTX context;
1000
+
1001
+ SHA512_Init(&context);
1002
+ SHA512_Update(&context, data, len);
1003
+ return SHA512_End(&context, digest);
1004
+ }
1005
+
1006
+
1007
+ /*** SHA-384: *********************************************************/
1008
+ int SHA384_Init(SHA384_CTX* context) {
1009
+ if (context == (SHA384_CTX*)0) {
1010
+ return 0;
1011
+ }
1012
+ MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
1013
+ MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH);
1014
+ context->bitcount[0] = context->bitcount[1] = 0;
1015
+ return 1;
1016
+ }
1017
+
1018
+ void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
1019
+ SHA512_Update((SHA512_CTX*)context, data, len);
1020
+ }
1021
+
1022
+ int SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
1023
+ sha2_word64 *d = (sha2_word64*)digest;
1024
+
1025
+ /* Sanity check: */
1026
+ assert(context != (SHA384_CTX*)0);
1027
+
1028
+ /* If no digest buffer is passed, we don't bother doing this: */
1029
+ if (digest != (sha2_byte*)0) {
1030
+ SHA512_Last((SHA512_CTX*)context);
1031
+
1032
+ /* Save the hash data for output: */
1033
+ #if BYTE_ORDER == LITTLE_ENDIAN
1034
+ {
1035
+ /* Convert TO host byte order */
1036
+ int j;
1037
+ for (j = 0; j < 6; j++) {
1038
+ REVERSE64(context->state[j],context->state[j]);
1039
+ *d++ = context->state[j];
1040
+ }
1041
+ }
1042
+ #else
1043
+ MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH);
1044
+ #endif
1045
+ }
1046
+
1047
+ /* Zero out state data */
1048
+ MEMSET_BZERO(context, sizeof(*context));
1049
+ return 1;
1050
+ }
1051
+
1052
+ char *SHA384_End(SHA384_CTX* context, char buffer[]) {
1053
+ sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest;
1054
+ int i;
1055
+
1056
+ /* Sanity check: */
1057
+ assert(context != (SHA384_CTX*)0);
1058
+
1059
+ if (buffer != (char*)0) {
1060
+ SHA384_Final(digest, context);
1061
+ for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
1062
+ *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1063
+ *buffer++ = sha2_hex_digits[*d & 0x0f];
1064
+ d++;
1065
+ }
1066
+ *buffer = (char)0;
1067
+ } else {
1068
+ MEMSET_BZERO(context, sizeof(*context));
1069
+ }
1070
+ MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH);
1071
+ return buffer;
1072
+ }
1073
+
1074
+ char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
1075
+ SHA384_CTX context;
1076
+
1077
+ SHA384_Init(&context);
1078
+ SHA384_Update(&context, data, len);
1079
+ return SHA384_End(&context, digest);
1080
+ }
1081
+