digest 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +12 -0
- data/.travis.yml +8 -0
- data/Gemfile +6 -0
- data/LICENSE.txt +22 -0
- data/README.md +97 -0
- data/Rakefile +15 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/digest.gemspec +45 -0
- data/ext/digest/bubblebabble/bubblebabble.c +147 -0
- data/ext/digest/bubblebabble/extconf.rb +6 -0
- data/ext/digest/defs.h +19 -0
- data/ext/digest/digest.c +821 -0
- data/ext/digest/digest.h +64 -0
- data/ext/digest/digest_conf.rb +17 -0
- data/ext/digest/extconf.rb +11 -0
- data/ext/digest/md5/extconf.rb +19 -0
- data/ext/digest/md5/md5.c +424 -0
- data/ext/digest/md5/md5.h +80 -0
- data/ext/digest/md5/md5cc.h +19 -0
- data/ext/digest/md5/md5init.c +64 -0
- data/ext/digest/rmd160/extconf.rb +19 -0
- data/ext/digest/rmd160/rmd160.c +463 -0
- data/ext/digest/rmd160/rmd160.h +56 -0
- data/ext/digest/rmd160/rmd160init.c +60 -0
- data/ext/digest/sha1/extconf.rb +19 -0
- data/ext/digest/sha1/sha1.c +271 -0
- data/ext/digest/sha1/sha1.h +39 -0
- data/ext/digest/sha1/sha1cc.h +14 -0
- data/ext/digest/sha1/sha1init.c +66 -0
- data/ext/digest/sha2/extconf.rb +21 -0
- data/ext/digest/sha2/lib/sha2.rb +142 -0
- data/ext/digest/sha2/sha2.c +1081 -0
- data/ext/digest/sha2/sha2.h +225 -0
- data/ext/digest/sha2/sha2cc.h +31 -0
- data/ext/digest/sha2/sha2init.c +55 -0
- data/ext/digest/test.sh +30 -0
- data/ext/openssl/deprecation.rb +23 -0
- data/lib/digest.rb +109 -0
- metadata +132 -0
@@ -0,0 +1,14 @@
|
|
1
|
+
#define COMMON_DIGEST_FOR_OPENSSL 1
|
2
|
+
#include <CommonCrypto/CommonDigest.h>
|
3
|
+
|
4
|
+
#define SHA1_BLOCK_LENGTH CC_SHA1_BLOCK_BYTES
|
5
|
+
#define SHA1_DIGEST_LENGTH CC_SHA1_DIGEST_LENGTH
|
6
|
+
#define SHA1_CTX CC_SHA1_CTX
|
7
|
+
|
8
|
+
static DEFINE_UPDATE_FUNC_FOR_UINT(SHA1)
|
9
|
+
static DEFINE_FINISH_FUNC_FROM_FINAL(SHA1)
|
10
|
+
|
11
|
+
#undef SHA1_Update
|
12
|
+
#undef SHA1_Finish
|
13
|
+
#define SHA1_Update rb_digest_SHA1_update
|
14
|
+
#define SHA1_Finish rb_digest_SHA1_finish
|
@@ -0,0 +1,66 @@
|
|
1
|
+
/* $RoughId: sha1init.c,v 1.2 2001/07/13 19:49:10 knu Exp $ */
|
2
|
+
/* $Id$ */
|
3
|
+
|
4
|
+
#include <ruby/ruby.h>
|
5
|
+
#include "../digest.h"
|
6
|
+
#if defined(SHA1_USE_COMMONDIGEST)
|
7
|
+
#include "sha1cc.h"
|
8
|
+
#else
|
9
|
+
#include "sha1.h"
|
10
|
+
#endif
|
11
|
+
|
12
|
+
static const rb_digest_metadata_t sha1 = {
|
13
|
+
RUBY_DIGEST_API_VERSION,
|
14
|
+
SHA1_DIGEST_LENGTH,
|
15
|
+
SHA1_BLOCK_LENGTH,
|
16
|
+
sizeof(SHA1_CTX),
|
17
|
+
(rb_digest_hash_init_func_t)SHA1_Init,
|
18
|
+
(rb_digest_hash_update_func_t)SHA1_Update,
|
19
|
+
(rb_digest_hash_finish_func_t)SHA1_Finish,
|
20
|
+
};
|
21
|
+
|
22
|
+
/*
|
23
|
+
* Document-class: Digest::SHA1 < Digest::Base
|
24
|
+
* A class for calculating message digests using the SHA-1 Secure Hash
|
25
|
+
* Algorithm by NIST (the US' National Institute of Standards and
|
26
|
+
* Technology), described in FIPS PUB 180-1.
|
27
|
+
*
|
28
|
+
* See Digest::Instance for digest API.
|
29
|
+
*
|
30
|
+
* SHA-1 calculates a digest of 160 bits (20 bytes).
|
31
|
+
*
|
32
|
+
* == Examples
|
33
|
+
* require 'digest'
|
34
|
+
*
|
35
|
+
* # Compute a complete digest
|
36
|
+
* Digest::SHA1.hexdigest 'abc' #=> "a9993e36..."
|
37
|
+
*
|
38
|
+
* # Compute digest by chunks
|
39
|
+
* sha1 = Digest::SHA1.new # =>#<Digest::SHA1>
|
40
|
+
* sha1.update "ab"
|
41
|
+
* sha1 << "c" # alias for #update
|
42
|
+
* sha1.hexdigest # => "a9993e36..."
|
43
|
+
*
|
44
|
+
* # Use the same object to compute another digest
|
45
|
+
* sha1.reset
|
46
|
+
* sha1 << "message"
|
47
|
+
* sha1.hexdigest # => "6f9b9af3..."
|
48
|
+
*/
|
49
|
+
void
|
50
|
+
Init_sha1(void)
|
51
|
+
{
|
52
|
+
VALUE mDigest, cDigest_Base, cDigest_SHA1;
|
53
|
+
|
54
|
+
#if 0
|
55
|
+
mDigest = rb_define_module("Digest"); /* let rdoc know */
|
56
|
+
#endif
|
57
|
+
mDigest = rb_digest_namespace();
|
58
|
+
cDigest_Base = rb_path2class("Digest::Base");
|
59
|
+
|
60
|
+
cDigest_SHA1 = rb_define_class_under(mDigest, "SHA1", cDigest_Base);
|
61
|
+
|
62
|
+
#undef RUBY_UNTYPED_DATA_WARNING
|
63
|
+
#define RUBY_UNTYPED_DATA_WARNING 0
|
64
|
+
rb_iv_set(cDigest_SHA1, "metadata",
|
65
|
+
Data_Wrap_Struct(0, 0, 0, (void *)&sha1));
|
66
|
+
}
|
@@ -0,0 +1,21 @@
|
|
1
|
+
# -*- coding: us-ascii -*-
|
2
|
+
# frozen_string_literal: false
|
3
|
+
# $RoughId: extconf.rb,v 1.4 2001/08/14 19:54:51 knu Exp $
|
4
|
+
# $Id$
|
5
|
+
|
6
|
+
require "mkmf"
|
7
|
+
require File.expand_path("../../digest_conf", __FILE__)
|
8
|
+
|
9
|
+
$defs << "-DHAVE_CONFIG_H"
|
10
|
+
|
11
|
+
$objs = [ "sha2init.#{$OBJEXT}" ]
|
12
|
+
|
13
|
+
unless digest_conf("sha2")
|
14
|
+
have_type("u_int8_t")
|
15
|
+
end
|
16
|
+
|
17
|
+
have_header("sys/cdefs.h")
|
18
|
+
|
19
|
+
$preload = %w[digest]
|
20
|
+
|
21
|
+
create_makefile("digest/sha2")
|
@@ -0,0 +1,142 @@
|
|
1
|
+
# frozen_string_literal: false
|
2
|
+
#--
|
3
|
+
# sha2.rb - defines Digest::SHA2 class which wraps up the SHA256,
|
4
|
+
# SHA384, and SHA512 classes.
|
5
|
+
#++
|
6
|
+
# Copyright (c) 2006 Akinori MUSHA <knu@iDaemons.org>
|
7
|
+
#
|
8
|
+
# All rights reserved. You can redistribute and/or modify it under the same
|
9
|
+
# terms as Ruby.
|
10
|
+
#
|
11
|
+
# $Id$
|
12
|
+
|
13
|
+
require 'digest'
|
14
|
+
require 'digest/sha2.so'
|
15
|
+
|
16
|
+
module Digest
|
17
|
+
#
|
18
|
+
# A meta digest provider class for SHA256, SHA384 and SHA512.
|
19
|
+
#
|
20
|
+
# FIPS 180-2 describes SHA2 family of digest algorithms. It defines
|
21
|
+
# three algorithms:
|
22
|
+
# * one which works on chunks of 512 bits and returns a 256-bit
|
23
|
+
# digest (SHA256),
|
24
|
+
# * one which works on chunks of 1024 bits and returns a 384-bit
|
25
|
+
# digest (SHA384),
|
26
|
+
# * and one which works on chunks of 1024 bits and returns a 512-bit
|
27
|
+
# digest (SHA512).
|
28
|
+
#
|
29
|
+
# ==Examples
|
30
|
+
# require 'digest'
|
31
|
+
#
|
32
|
+
# # Compute a complete digest
|
33
|
+
# Digest::SHA2.hexdigest 'abc' # => "ba7816bf8..."
|
34
|
+
# Digest::SHA2.new(256).hexdigest 'abc' # => "ba7816bf8..."
|
35
|
+
# Digest::SHA256.hexdigest 'abc' # => "ba7816bf8..."
|
36
|
+
#
|
37
|
+
# Digest::SHA2.new(384).hexdigest 'abc' # => "cb00753f4..."
|
38
|
+
# Digest::SHA384.hexdigest 'abc' # => "cb00753f4..."
|
39
|
+
#
|
40
|
+
# Digest::SHA2.new(512).hexdigest 'abc' # => "ddaf35a19..."
|
41
|
+
# Digest::SHA512.hexdigest 'abc' # => "ddaf35a19..."
|
42
|
+
#
|
43
|
+
# # Compute digest by chunks
|
44
|
+
# sha2 = Digest::SHA2.new # =>#<Digest::SHA2:256>
|
45
|
+
# sha2.update "ab"
|
46
|
+
# sha2 << "c" # alias for #update
|
47
|
+
# sha2.hexdigest # => "ba7816bf8..."
|
48
|
+
#
|
49
|
+
# # Use the same object to compute another digest
|
50
|
+
# sha2.reset
|
51
|
+
# sha2 << "message"
|
52
|
+
# sha2.hexdigest # => "ab530a13e..."
|
53
|
+
#
|
54
|
+
class SHA2 < Digest::Class
|
55
|
+
# call-seq:
|
56
|
+
# Digest::SHA2.new(bitlen = 256) -> digest_obj
|
57
|
+
#
|
58
|
+
# Create a new SHA2 hash object with a given bit length.
|
59
|
+
#
|
60
|
+
# Valid bit lengths are 256, 384 and 512.
|
61
|
+
def initialize(bitlen = 256)
|
62
|
+
case bitlen
|
63
|
+
when 256
|
64
|
+
@sha2 = Digest::SHA256.new
|
65
|
+
when 384
|
66
|
+
@sha2 = Digest::SHA384.new
|
67
|
+
when 512
|
68
|
+
@sha2 = Digest::SHA512.new
|
69
|
+
else
|
70
|
+
raise ArgumentError, "unsupported bit length: %s" % bitlen.inspect
|
71
|
+
end
|
72
|
+
@bitlen = bitlen
|
73
|
+
end
|
74
|
+
|
75
|
+
# call-seq:
|
76
|
+
# digest_obj.reset -> digest_obj
|
77
|
+
#
|
78
|
+
# Reset the digest to the initial state and return self.
|
79
|
+
def reset
|
80
|
+
@sha2.reset
|
81
|
+
self
|
82
|
+
end
|
83
|
+
|
84
|
+
# call-seq:
|
85
|
+
# digest_obj.update(string) -> digest_obj
|
86
|
+
# digest_obj << string -> digest_obj
|
87
|
+
#
|
88
|
+
# Update the digest using a given _string_ and return self.
|
89
|
+
def update(str)
|
90
|
+
@sha2.update(str)
|
91
|
+
self
|
92
|
+
end
|
93
|
+
alias << update
|
94
|
+
|
95
|
+
def finish # :nodoc:
|
96
|
+
@sha2.digest!
|
97
|
+
end
|
98
|
+
private :finish
|
99
|
+
|
100
|
+
|
101
|
+
# call-seq:
|
102
|
+
# digest_obj.block_length -> Integer
|
103
|
+
#
|
104
|
+
# Return the block length of the digest in bytes.
|
105
|
+
#
|
106
|
+
# Digest::SHA256.new.block_length * 8
|
107
|
+
# # => 512
|
108
|
+
# Digest::SHA384.new.block_length * 8
|
109
|
+
# # => 1024
|
110
|
+
# Digest::SHA512.new.block_length * 8
|
111
|
+
# # => 1024
|
112
|
+
def block_length
|
113
|
+
@sha2.block_length
|
114
|
+
end
|
115
|
+
|
116
|
+
# call-seq:
|
117
|
+
# digest_obj.digest_length -> Integer
|
118
|
+
#
|
119
|
+
# Return the length of the hash value (the digest) in bytes.
|
120
|
+
#
|
121
|
+
# Digest::SHA256.new.digest_length * 8
|
122
|
+
# # => 256
|
123
|
+
# Digest::SHA384.new.digest_length * 8
|
124
|
+
# # => 384
|
125
|
+
# Digest::SHA512.new.digest_length * 8
|
126
|
+
# # => 512
|
127
|
+
#
|
128
|
+
# For example, digests produced by Digest::SHA256 will always be 32 bytes
|
129
|
+
# (256 bits) in size.
|
130
|
+
def digest_length
|
131
|
+
@sha2.digest_length
|
132
|
+
end
|
133
|
+
|
134
|
+
def initialize_copy(other) # :nodoc:
|
135
|
+
@sha2 = other.instance_eval { @sha2.clone }
|
136
|
+
end
|
137
|
+
|
138
|
+
def inspect # :nodoc:
|
139
|
+
"#<%s:%d %s>" % [self.class.name, @bitlen, hexdigest]
|
140
|
+
end
|
141
|
+
end
|
142
|
+
end
|
@@ -0,0 +1,1081 @@
|
|
1
|
+
/*
|
2
|
+
* FILE: sha2.c
|
3
|
+
* AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
|
4
|
+
*
|
5
|
+
* Copyright (c) 2000-2001, Aaron D. Gifford
|
6
|
+
* All rights reserved.
|
7
|
+
*
|
8
|
+
* Redistribution and use in source and binary forms, with or without
|
9
|
+
* modification, are permitted provided that the following conditions
|
10
|
+
* are met:
|
11
|
+
* 1. Redistributions of source code must retain the above copyright
|
12
|
+
* notice, this list of conditions and the following disclaimer.
|
13
|
+
* 2. Redistributions in binary form must reproduce the above copyright
|
14
|
+
* notice, this list of conditions and the following disclaimer in the
|
15
|
+
* documentation and/or other materials provided with the distribution.
|
16
|
+
* 3. Neither the name of the copyright holder nor the names of contributors
|
17
|
+
* may be used to endorse or promote products derived from this software
|
18
|
+
* without specific prior written permission.
|
19
|
+
*
|
20
|
+
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
|
21
|
+
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
22
|
+
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
23
|
+
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
|
24
|
+
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
25
|
+
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
26
|
+
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
27
|
+
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
28
|
+
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
29
|
+
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
30
|
+
* SUCH DAMAGE.
|
31
|
+
*
|
32
|
+
* $OrigId: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
|
33
|
+
* $RoughId: sha2.c,v 1.3 2002/02/26 22:03:36 knu Exp $
|
34
|
+
* $Id$
|
35
|
+
*/
|
36
|
+
|
37
|
+
#include "../defs.h"
|
38
|
+
#include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
|
39
|
+
#include <assert.h> /* assert() */
|
40
|
+
#include "sha2.h"
|
41
|
+
|
42
|
+
/*
|
43
|
+
* ASSERT NOTE:
|
44
|
+
* Some sanity checking code is included using assert(). On my FreeBSD
|
45
|
+
* system, this additional code can be removed by compiling with NDEBUG
|
46
|
+
* defined. Check your own systems manpage on assert() to see how to
|
47
|
+
* compile WITHOUT the sanity checking code on your system.
|
48
|
+
*
|
49
|
+
* UNROLLED TRANSFORM LOOP NOTE:
|
50
|
+
* You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
|
51
|
+
* loop version for the hash transform rounds (defined using macros
|
52
|
+
* later in this file). Either define on the command line, for example:
|
53
|
+
*
|
54
|
+
* cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
|
55
|
+
*
|
56
|
+
* or define below:
|
57
|
+
*
|
58
|
+
* #define SHA2_UNROLL_TRANSFORM
|
59
|
+
*
|
60
|
+
*/
|
61
|
+
|
62
|
+
|
63
|
+
/*** SHA-256/384/512 Machine Architecture Definitions *****************/
|
64
|
+
/*
|
65
|
+
* BYTE_ORDER NOTE:
|
66
|
+
*
|
67
|
+
* Please make sure that your system defines BYTE_ORDER. If your
|
68
|
+
* architecture is little-endian, make sure it also defines
|
69
|
+
* LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
|
70
|
+
* equivalent.
|
71
|
+
*
|
72
|
+
* If your system does not define the above, then you can do so by
|
73
|
+
* hand like this:
|
74
|
+
*
|
75
|
+
* #define LITTLE_ENDIAN 1234
|
76
|
+
* #define BIG_ENDIAN 4321
|
77
|
+
*
|
78
|
+
* And for little-endian machines, add:
|
79
|
+
*
|
80
|
+
* #define BYTE_ORDER LITTLE_ENDIAN
|
81
|
+
*
|
82
|
+
* Or for big-endian machines:
|
83
|
+
*
|
84
|
+
* #define BYTE_ORDER BIG_ENDIAN
|
85
|
+
*
|
86
|
+
* The FreeBSD machine this was written on defines BYTE_ORDER
|
87
|
+
* appropriately by including <sys/types.h> (which in turn includes
|
88
|
+
* <machine/endian.h> where the appropriate definitions are actually
|
89
|
+
* made).
|
90
|
+
*/
|
91
|
+
#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
|
92
|
+
#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
|
93
|
+
#endif
|
94
|
+
|
95
|
+
/*
|
96
|
+
* Define the followingsha2_* types to types of the correct length on
|
97
|
+
* the native archtecture. Most BSD systems and Linux define u_intXX_t
|
98
|
+
* types. Machines with very recent ANSI C headers, can use the
|
99
|
+
* uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
|
100
|
+
* during compile or in the sha.h header file.
|
101
|
+
*
|
102
|
+
* Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
|
103
|
+
* will need to define these three typedefs below (and the appropriate
|
104
|
+
* ones in sha.h too) by hand according to their system architecture.
|
105
|
+
*
|
106
|
+
* Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
|
107
|
+
* types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
|
108
|
+
*/
|
109
|
+
#ifdef SHA2_USE_INTTYPES_H
|
110
|
+
|
111
|
+
typedef uint8_t sha2_byte; /* Exactly 1 byte */
|
112
|
+
typedef uint32_t sha2_word32; /* Exactly 4 bytes */
|
113
|
+
typedef uint64_t sha2_word64; /* Exactly 8 bytes */
|
114
|
+
|
115
|
+
#else /* SHA2_USE_INTTYPES_H */
|
116
|
+
|
117
|
+
typedef u_int8_t sha2_byte; /* Exactly 1 byte */
|
118
|
+
typedef u_int32_t sha2_word32; /* Exactly 4 bytes */
|
119
|
+
typedef u_int64_t sha2_word64; /* Exactly 8 bytes */
|
120
|
+
|
121
|
+
#endif /* SHA2_USE_INTTYPES_H */
|
122
|
+
|
123
|
+
|
124
|
+
/*** SHA-256/384/512 Various Length Definitions ***********************/
|
125
|
+
/* NOTE: Most of these are in sha2.h */
|
126
|
+
#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
|
127
|
+
#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
|
128
|
+
#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
|
129
|
+
|
130
|
+
|
131
|
+
#if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || defined(__GNUC__) || defined(_HPUX_SOURCE) || defined(__IBMC__)
|
132
|
+
#define ULL(number) number##ULL
|
133
|
+
#else
|
134
|
+
#define ULL(number) (uint64_t)(number)
|
135
|
+
#endif
|
136
|
+
/*** ENDIAN REVERSAL MACROS *******************************************/
|
137
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
138
|
+
#define REVERSE32(w,x) { \
|
139
|
+
sha2_word32 tmp = (w); \
|
140
|
+
tmp = (tmp >> 16) | (tmp << 16); \
|
141
|
+
(x) = ((tmp & (sha2_word32)0xff00ff00UL) >> 8) | ((tmp & (sha2_word32)0x00ff00ffUL) << 8); \
|
142
|
+
}
|
143
|
+
#define REVERSE64(w,x) { \
|
144
|
+
sha2_word64 tmp = (w); \
|
145
|
+
tmp = (tmp >> 32) | (tmp << 32); \
|
146
|
+
tmp = ((tmp & ULL(0xff00ff00ff00ff00)) >> 8) | \
|
147
|
+
((tmp & ULL(0x00ff00ff00ff00ff)) << 8); \
|
148
|
+
(x) = ((tmp & ULL(0xffff0000ffff0000)) >> 16) | \
|
149
|
+
((tmp & ULL(0x0000ffff0000ffff)) << 16); \
|
150
|
+
}
|
151
|
+
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
|
152
|
+
|
153
|
+
/*
|
154
|
+
* Macro for incrementally adding the unsigned 64-bit integer n to the
|
155
|
+
* unsigned 128-bit integer (represented using a two-element array of
|
156
|
+
* 64-bit words):
|
157
|
+
*/
|
158
|
+
#define ADDINC128(w,n) { \
|
159
|
+
(w)[0] += (sha2_word64)(n); \
|
160
|
+
if ((w)[0] < (n)) { \
|
161
|
+
(w)[1]++; \
|
162
|
+
} \
|
163
|
+
}
|
164
|
+
|
165
|
+
/*
|
166
|
+
* Macros for copying blocks of memory and for zeroing out ranges
|
167
|
+
* of memory. Using these macros makes it easy to switch from
|
168
|
+
* using memset()/memcpy() and using bzero()/bcopy().
|
169
|
+
*
|
170
|
+
* Please define either SHA2_USE_MEMSET_MEMCPY or define
|
171
|
+
* SHA2_USE_BZERO_BCOPY depending on which function set you
|
172
|
+
* choose to use:
|
173
|
+
*/
|
174
|
+
#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
|
175
|
+
/* Default to memset()/memcpy() if no option is specified */
|
176
|
+
#define SHA2_USE_MEMSET_MEMCPY 1
|
177
|
+
#endif
|
178
|
+
#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
|
179
|
+
/* Abort with an error if BOTH options are defined */
|
180
|
+
#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
|
181
|
+
#endif
|
182
|
+
|
183
|
+
#ifdef SHA2_USE_MEMSET_MEMCPY
|
184
|
+
#define MEMSET_BZERO(p,l) memset((p), 0, (l))
|
185
|
+
#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
|
186
|
+
#endif
|
187
|
+
#ifdef SHA2_USE_BZERO_BCOPY
|
188
|
+
#define MEMSET_BZERO(p,l) bzero((p), (l))
|
189
|
+
#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
|
190
|
+
#endif
|
191
|
+
|
192
|
+
|
193
|
+
/*** THE SIX LOGICAL FUNCTIONS ****************************************/
|
194
|
+
/*
|
195
|
+
* Bit shifting and rotation (used by the six SHA-XYZ logical functions:
|
196
|
+
*
|
197
|
+
* NOTE: The naming of R and S appears backwards here (R is a SHIFT and
|
198
|
+
* S is a ROTATION) because the SHA-256/384/512 description document
|
199
|
+
* (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
|
200
|
+
* same "backwards" definition.
|
201
|
+
*/
|
202
|
+
/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
|
203
|
+
#define R(b,x) ((x) >> (b))
|
204
|
+
/* 32-bit Rotate-right (used in SHA-256): */
|
205
|
+
#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
|
206
|
+
/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
|
207
|
+
#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
|
208
|
+
|
209
|
+
/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
|
210
|
+
#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
|
211
|
+
#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
|
212
|
+
|
213
|
+
/* Four of six logical functions used in SHA-256: */
|
214
|
+
#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
|
215
|
+
#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
|
216
|
+
#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
|
217
|
+
#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
|
218
|
+
|
219
|
+
/* Four of six logical functions used in SHA-384 and SHA-512: */
|
220
|
+
#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
|
221
|
+
#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
|
222
|
+
#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
|
223
|
+
#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
|
224
|
+
|
225
|
+
/*** INTERNAL FUNCTION PROTOTYPES *************************************/
|
226
|
+
/* NOTE: These should not be accessed directly from outside this
|
227
|
+
* library -- they are intended for private internal visibility/use
|
228
|
+
* only.
|
229
|
+
*/
|
230
|
+
void SHA512_Last(SHA512_CTX*);
|
231
|
+
void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
|
232
|
+
void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
|
233
|
+
|
234
|
+
|
235
|
+
/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
|
236
|
+
/* Hash constant words K for SHA-256: */
|
237
|
+
static const sha2_word32 K256[64] = {
|
238
|
+
0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
|
239
|
+
0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
|
240
|
+
0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
|
241
|
+
0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
|
242
|
+
0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
|
243
|
+
0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
|
244
|
+
0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
|
245
|
+
0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
|
246
|
+
0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
|
247
|
+
0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
|
248
|
+
0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
|
249
|
+
0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
|
250
|
+
0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
|
251
|
+
0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
|
252
|
+
0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
|
253
|
+
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
|
254
|
+
};
|
255
|
+
|
256
|
+
/* Initial hash value H for SHA-256: */
|
257
|
+
static const sha2_word32 sha256_initial_hash_value[8] = {
|
258
|
+
0x6a09e667UL,
|
259
|
+
0xbb67ae85UL,
|
260
|
+
0x3c6ef372UL,
|
261
|
+
0xa54ff53aUL,
|
262
|
+
0x510e527fUL,
|
263
|
+
0x9b05688cUL,
|
264
|
+
0x1f83d9abUL,
|
265
|
+
0x5be0cd19UL
|
266
|
+
};
|
267
|
+
|
268
|
+
/* Hash constant words K for SHA-384 and SHA-512: */
|
269
|
+
static const sha2_word64 K512[80] = {
|
270
|
+
ULL(0x428a2f98d728ae22), ULL(0x7137449123ef65cd),
|
271
|
+
ULL(0xb5c0fbcfec4d3b2f), ULL(0xe9b5dba58189dbbc),
|
272
|
+
ULL(0x3956c25bf348b538), ULL(0x59f111f1b605d019),
|
273
|
+
ULL(0x923f82a4af194f9b), ULL(0xab1c5ed5da6d8118),
|
274
|
+
ULL(0xd807aa98a3030242), ULL(0x12835b0145706fbe),
|
275
|
+
ULL(0x243185be4ee4b28c), ULL(0x550c7dc3d5ffb4e2),
|
276
|
+
ULL(0x72be5d74f27b896f), ULL(0x80deb1fe3b1696b1),
|
277
|
+
ULL(0x9bdc06a725c71235), ULL(0xc19bf174cf692694),
|
278
|
+
ULL(0xe49b69c19ef14ad2), ULL(0xefbe4786384f25e3),
|
279
|
+
ULL(0x0fc19dc68b8cd5b5), ULL(0x240ca1cc77ac9c65),
|
280
|
+
ULL(0x2de92c6f592b0275), ULL(0x4a7484aa6ea6e483),
|
281
|
+
ULL(0x5cb0a9dcbd41fbd4), ULL(0x76f988da831153b5),
|
282
|
+
ULL(0x983e5152ee66dfab), ULL(0xa831c66d2db43210),
|
283
|
+
ULL(0xb00327c898fb213f), ULL(0xbf597fc7beef0ee4),
|
284
|
+
ULL(0xc6e00bf33da88fc2), ULL(0xd5a79147930aa725),
|
285
|
+
ULL(0x06ca6351e003826f), ULL(0x142929670a0e6e70),
|
286
|
+
ULL(0x27b70a8546d22ffc), ULL(0x2e1b21385c26c926),
|
287
|
+
ULL(0x4d2c6dfc5ac42aed), ULL(0x53380d139d95b3df),
|
288
|
+
ULL(0x650a73548baf63de), ULL(0x766a0abb3c77b2a8),
|
289
|
+
ULL(0x81c2c92e47edaee6), ULL(0x92722c851482353b),
|
290
|
+
ULL(0xa2bfe8a14cf10364), ULL(0xa81a664bbc423001),
|
291
|
+
ULL(0xc24b8b70d0f89791), ULL(0xc76c51a30654be30),
|
292
|
+
ULL(0xd192e819d6ef5218), ULL(0xd69906245565a910),
|
293
|
+
ULL(0xf40e35855771202a), ULL(0x106aa07032bbd1b8),
|
294
|
+
ULL(0x19a4c116b8d2d0c8), ULL(0x1e376c085141ab53),
|
295
|
+
ULL(0x2748774cdf8eeb99), ULL(0x34b0bcb5e19b48a8),
|
296
|
+
ULL(0x391c0cb3c5c95a63), ULL(0x4ed8aa4ae3418acb),
|
297
|
+
ULL(0x5b9cca4f7763e373), ULL(0x682e6ff3d6b2b8a3),
|
298
|
+
ULL(0x748f82ee5defb2fc), ULL(0x78a5636f43172f60),
|
299
|
+
ULL(0x84c87814a1f0ab72), ULL(0x8cc702081a6439ec),
|
300
|
+
ULL(0x90befffa23631e28), ULL(0xa4506cebde82bde9),
|
301
|
+
ULL(0xbef9a3f7b2c67915), ULL(0xc67178f2e372532b),
|
302
|
+
ULL(0xca273eceea26619c), ULL(0xd186b8c721c0c207),
|
303
|
+
ULL(0xeada7dd6cde0eb1e), ULL(0xf57d4f7fee6ed178),
|
304
|
+
ULL(0x06f067aa72176fba), ULL(0x0a637dc5a2c898a6),
|
305
|
+
ULL(0x113f9804bef90dae), ULL(0x1b710b35131c471b),
|
306
|
+
ULL(0x28db77f523047d84), ULL(0x32caab7b40c72493),
|
307
|
+
ULL(0x3c9ebe0a15c9bebc), ULL(0x431d67c49c100d4c),
|
308
|
+
ULL(0x4cc5d4becb3e42b6), ULL(0x597f299cfc657e2a),
|
309
|
+
ULL(0x5fcb6fab3ad6faec), ULL(0x6c44198c4a475817)
|
310
|
+
};
|
311
|
+
|
312
|
+
/* Initial hash value H for SHA-384 */
|
313
|
+
static const sha2_word64 sha384_initial_hash_value[8] = {
|
314
|
+
ULL(0xcbbb9d5dc1059ed8),
|
315
|
+
ULL(0x629a292a367cd507),
|
316
|
+
ULL(0x9159015a3070dd17),
|
317
|
+
ULL(0x152fecd8f70e5939),
|
318
|
+
ULL(0x67332667ffc00b31),
|
319
|
+
ULL(0x8eb44a8768581511),
|
320
|
+
ULL(0xdb0c2e0d64f98fa7),
|
321
|
+
ULL(0x47b5481dbefa4fa4)
|
322
|
+
};
|
323
|
+
|
324
|
+
/* Initial hash value H for SHA-512 */
|
325
|
+
static const sha2_word64 sha512_initial_hash_value[8] = {
|
326
|
+
ULL(0x6a09e667f3bcc908),
|
327
|
+
ULL(0xbb67ae8584caa73b),
|
328
|
+
ULL(0x3c6ef372fe94f82b),
|
329
|
+
ULL(0xa54ff53a5f1d36f1),
|
330
|
+
ULL(0x510e527fade682d1),
|
331
|
+
ULL(0x9b05688c2b3e6c1f),
|
332
|
+
ULL(0x1f83d9abfb41bd6b),
|
333
|
+
ULL(0x5be0cd19137e2179)
|
334
|
+
};
|
335
|
+
|
336
|
+
/*
|
337
|
+
* Constant used by SHA256/384/512_End() functions for converting the
|
338
|
+
* digest to a readable hexadecimal character string:
|
339
|
+
*/
|
340
|
+
static const char *sha2_hex_digits = "0123456789abcdef";
|
341
|
+
|
342
|
+
|
343
|
+
/*** SHA-256: *********************************************************/
|
344
|
+
int SHA256_Init(SHA256_CTX* context) {
|
345
|
+
if (context == (SHA256_CTX*)0) {
|
346
|
+
return 0;
|
347
|
+
}
|
348
|
+
MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
|
349
|
+
MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
|
350
|
+
context->bitcount = 0;
|
351
|
+
return 1;
|
352
|
+
}
|
353
|
+
|
354
|
+
#ifdef SHA2_UNROLL_TRANSFORM
|
355
|
+
|
356
|
+
/* Unrolled SHA-256 round macros: */
|
357
|
+
|
358
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
359
|
+
|
360
|
+
#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
|
361
|
+
REVERSE32(*data++, W256[j]); \
|
362
|
+
T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
|
363
|
+
K256[j] + W256[j]; \
|
364
|
+
(d) += T1; \
|
365
|
+
(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
|
366
|
+
j++
|
367
|
+
|
368
|
+
|
369
|
+
#else /* BYTE_ORDER == LITTLE_ENDIAN */
|
370
|
+
|
371
|
+
#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
|
372
|
+
T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
|
373
|
+
K256[j] + (W256[j] = *data++); \
|
374
|
+
(d) += T1; \
|
375
|
+
(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
|
376
|
+
j++
|
377
|
+
|
378
|
+
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
|
379
|
+
|
380
|
+
#define ROUND256(a,b,c,d,e,f,g,h) \
|
381
|
+
s0 = W256[(j+1)&0x0f]; \
|
382
|
+
s0 = sigma0_256(s0); \
|
383
|
+
s1 = W256[(j+14)&0x0f]; \
|
384
|
+
s1 = sigma1_256(s1); \
|
385
|
+
T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
|
386
|
+
(W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
|
387
|
+
(d) += T1; \
|
388
|
+
(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
|
389
|
+
j++
|
390
|
+
|
391
|
+
void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
|
392
|
+
sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
|
393
|
+
sha2_word32 T1, *W256;
|
394
|
+
int j;
|
395
|
+
|
396
|
+
W256 = (sha2_word32*)context->buffer;
|
397
|
+
|
398
|
+
/* Initialize registers with the prev. intermediate value */
|
399
|
+
a = context->state[0];
|
400
|
+
b = context->state[1];
|
401
|
+
c = context->state[2];
|
402
|
+
d = context->state[3];
|
403
|
+
e = context->state[4];
|
404
|
+
f = context->state[5];
|
405
|
+
g = context->state[6];
|
406
|
+
h = context->state[7];
|
407
|
+
|
408
|
+
j = 0;
|
409
|
+
do {
|
410
|
+
/* Rounds 0 to 15 (unrolled): */
|
411
|
+
ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
|
412
|
+
ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
|
413
|
+
ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
|
414
|
+
ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
|
415
|
+
ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
|
416
|
+
ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
|
417
|
+
ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
|
418
|
+
ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
|
419
|
+
} while (j < 16);
|
420
|
+
|
421
|
+
/* Now for the remaining rounds to 64: */
|
422
|
+
do {
|
423
|
+
ROUND256(a,b,c,d,e,f,g,h);
|
424
|
+
ROUND256(h,a,b,c,d,e,f,g);
|
425
|
+
ROUND256(g,h,a,b,c,d,e,f);
|
426
|
+
ROUND256(f,g,h,a,b,c,d,e);
|
427
|
+
ROUND256(e,f,g,h,a,b,c,d);
|
428
|
+
ROUND256(d,e,f,g,h,a,b,c);
|
429
|
+
ROUND256(c,d,e,f,g,h,a,b);
|
430
|
+
ROUND256(b,c,d,e,f,g,h,a);
|
431
|
+
} while (j < 64);
|
432
|
+
|
433
|
+
/* Compute the current intermediate hash value */
|
434
|
+
context->state[0] += a;
|
435
|
+
context->state[1] += b;
|
436
|
+
context->state[2] += c;
|
437
|
+
context->state[3] += d;
|
438
|
+
context->state[4] += e;
|
439
|
+
context->state[5] += f;
|
440
|
+
context->state[6] += g;
|
441
|
+
context->state[7] += h;
|
442
|
+
|
443
|
+
/* Clean up */
|
444
|
+
a = b = c = d = e = f = g = h = T1 = 0;
|
445
|
+
}
|
446
|
+
|
447
|
+
#else /* SHA2_UNROLL_TRANSFORM */
|
448
|
+
|
449
|
+
void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
|
450
|
+
sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
|
451
|
+
sha2_word32 T1, T2, *W256;
|
452
|
+
int j;
|
453
|
+
|
454
|
+
W256 = (sha2_word32*)context->buffer;
|
455
|
+
|
456
|
+
/* Initialize registers with the prev. intermediate value */
|
457
|
+
a = context->state[0];
|
458
|
+
b = context->state[1];
|
459
|
+
c = context->state[2];
|
460
|
+
d = context->state[3];
|
461
|
+
e = context->state[4];
|
462
|
+
f = context->state[5];
|
463
|
+
g = context->state[6];
|
464
|
+
h = context->state[7];
|
465
|
+
|
466
|
+
j = 0;
|
467
|
+
do {
|
468
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
469
|
+
/* Copy data while converting to host byte order */
|
470
|
+
REVERSE32(*data++,W256[j]);
|
471
|
+
/* Apply the SHA-256 compression function to update a..h */
|
472
|
+
T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
|
473
|
+
#else /* BYTE_ORDER == LITTLE_ENDIAN */
|
474
|
+
/* Apply the SHA-256 compression function to update a..h with copy */
|
475
|
+
T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
|
476
|
+
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
|
477
|
+
T2 = Sigma0_256(a) + Maj(a, b, c);
|
478
|
+
h = g;
|
479
|
+
g = f;
|
480
|
+
f = e;
|
481
|
+
e = d + T1;
|
482
|
+
d = c;
|
483
|
+
c = b;
|
484
|
+
b = a;
|
485
|
+
a = T1 + T2;
|
486
|
+
|
487
|
+
j++;
|
488
|
+
} while (j < 16);
|
489
|
+
|
490
|
+
do {
|
491
|
+
/* Part of the message block expansion: */
|
492
|
+
s0 = W256[(j+1)&0x0f];
|
493
|
+
s0 = sigma0_256(s0);
|
494
|
+
s1 = W256[(j+14)&0x0f];
|
495
|
+
s1 = sigma1_256(s1);
|
496
|
+
|
497
|
+
/* Apply the SHA-256 compression function to update a..h */
|
498
|
+
T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
|
499
|
+
(W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
|
500
|
+
T2 = Sigma0_256(a) + Maj(a, b, c);
|
501
|
+
h = g;
|
502
|
+
g = f;
|
503
|
+
f = e;
|
504
|
+
e = d + T1;
|
505
|
+
d = c;
|
506
|
+
c = b;
|
507
|
+
b = a;
|
508
|
+
a = T1 + T2;
|
509
|
+
|
510
|
+
j++;
|
511
|
+
} while (j < 64);
|
512
|
+
|
513
|
+
/* Compute the current intermediate hash value */
|
514
|
+
context->state[0] += a;
|
515
|
+
context->state[1] += b;
|
516
|
+
context->state[2] += c;
|
517
|
+
context->state[3] += d;
|
518
|
+
context->state[4] += e;
|
519
|
+
context->state[5] += f;
|
520
|
+
context->state[6] += g;
|
521
|
+
context->state[7] += h;
|
522
|
+
|
523
|
+
/* Clean up */
|
524
|
+
a = b = c = d = e = f = g = h = T1 = T2 = 0;
|
525
|
+
}
|
526
|
+
|
527
|
+
#endif /* SHA2_UNROLL_TRANSFORM */
|
528
|
+
|
529
|
+
void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
|
530
|
+
unsigned int freespace, usedspace;
|
531
|
+
|
532
|
+
if (len == 0) {
|
533
|
+
/* Calling with no data is valid - we do nothing */
|
534
|
+
return;
|
535
|
+
}
|
536
|
+
|
537
|
+
/* Sanity check: */
|
538
|
+
assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0);
|
539
|
+
|
540
|
+
usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
|
541
|
+
if (usedspace > 0) {
|
542
|
+
/* Calculate how much free space is available in the buffer */
|
543
|
+
freespace = SHA256_BLOCK_LENGTH - usedspace;
|
544
|
+
|
545
|
+
if (len >= freespace) {
|
546
|
+
/* Fill the buffer completely and process it */
|
547
|
+
MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
|
548
|
+
context->bitcount += freespace << 3;
|
549
|
+
len -= freespace;
|
550
|
+
data += freespace;
|
551
|
+
SHA256_Transform(context, (sha2_word32*)context->buffer);
|
552
|
+
} else {
|
553
|
+
/* The buffer is not yet full */
|
554
|
+
MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
|
555
|
+
context->bitcount += len << 3;
|
556
|
+
/* Clean up: */
|
557
|
+
usedspace = freespace = 0;
|
558
|
+
return;
|
559
|
+
}
|
560
|
+
}
|
561
|
+
while (len >= SHA256_BLOCK_LENGTH) {
|
562
|
+
/* Process as many complete blocks as we can */
|
563
|
+
MEMCPY_BCOPY(context->buffer, data, SHA256_BLOCK_LENGTH);
|
564
|
+
SHA256_Transform(context, (sha2_word32*)context->buffer);
|
565
|
+
context->bitcount += SHA256_BLOCK_LENGTH << 3;
|
566
|
+
len -= SHA256_BLOCK_LENGTH;
|
567
|
+
data += SHA256_BLOCK_LENGTH;
|
568
|
+
}
|
569
|
+
if (len > 0) {
|
570
|
+
/* There's left-overs, so save 'em */
|
571
|
+
MEMCPY_BCOPY(context->buffer, data, len);
|
572
|
+
context->bitcount += len << 3;
|
573
|
+
}
|
574
|
+
/* Clean up: */
|
575
|
+
usedspace = freespace = 0;
|
576
|
+
}
|
577
|
+
|
578
|
+
int SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
|
579
|
+
sha2_word32 *d = (sha2_word32*)digest;
|
580
|
+
unsigned int usedspace;
|
581
|
+
|
582
|
+
/* Sanity check: */
|
583
|
+
assert(context != (SHA256_CTX*)0);
|
584
|
+
|
585
|
+
/* If no digest buffer is passed, we don't bother doing this: */
|
586
|
+
if (digest != (sha2_byte*)0) {
|
587
|
+
usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
|
588
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
589
|
+
/* Convert FROM host byte order */
|
590
|
+
REVERSE64(context->bitcount,context->bitcount);
|
591
|
+
#endif
|
592
|
+
if (usedspace > 0) {
|
593
|
+
/* Begin padding with a 1 bit: */
|
594
|
+
context->buffer[usedspace++] = 0x80;
|
595
|
+
|
596
|
+
if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
|
597
|
+
/* Set-up for the last transform: */
|
598
|
+
MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
|
599
|
+
} else {
|
600
|
+
if (usedspace < SHA256_BLOCK_LENGTH) {
|
601
|
+
MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
|
602
|
+
}
|
603
|
+
/* Do second-to-last transform: */
|
604
|
+
SHA256_Transform(context, (sha2_word32*)context->buffer);
|
605
|
+
|
606
|
+
/* And set-up for the last transform: */
|
607
|
+
MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
|
608
|
+
}
|
609
|
+
} else {
|
610
|
+
/* Set-up for the last transform: */
|
611
|
+
MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
|
612
|
+
|
613
|
+
/* Begin padding with a 1 bit: */
|
614
|
+
*context->buffer = 0x80;
|
615
|
+
}
|
616
|
+
/* Set the bit count: */
|
617
|
+
MEMCPY_BCOPY(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], &context->bitcount,
|
618
|
+
sizeof(sha2_word64));
|
619
|
+
|
620
|
+
/* Final transform: */
|
621
|
+
SHA256_Transform(context, (sha2_word32*)context->buffer);
|
622
|
+
|
623
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
624
|
+
{
|
625
|
+
/* Convert TO host byte order */
|
626
|
+
int j;
|
627
|
+
for (j = 0; j < 8; j++) {
|
628
|
+
REVERSE32(context->state[j],context->state[j]);
|
629
|
+
*d++ = context->state[j];
|
630
|
+
}
|
631
|
+
}
|
632
|
+
#else
|
633
|
+
MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH);
|
634
|
+
#endif
|
635
|
+
}
|
636
|
+
|
637
|
+
/* Clean up state data: */
|
638
|
+
MEMSET_BZERO(context, sizeof(*context));
|
639
|
+
usedspace = 0;
|
640
|
+
return 1;
|
641
|
+
}
|
642
|
+
|
643
|
+
char *SHA256_End(SHA256_CTX* context, char buffer[]) {
|
644
|
+
sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest;
|
645
|
+
int i;
|
646
|
+
|
647
|
+
/* Sanity check: */
|
648
|
+
assert(context != (SHA256_CTX*)0);
|
649
|
+
|
650
|
+
if (buffer != (char*)0) {
|
651
|
+
SHA256_Final(digest, context);
|
652
|
+
for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
|
653
|
+
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
654
|
+
*buffer++ = sha2_hex_digits[*d & 0x0f];
|
655
|
+
d++;
|
656
|
+
}
|
657
|
+
*buffer = (char)0;
|
658
|
+
} else {
|
659
|
+
MEMSET_BZERO(context, sizeof(*context));
|
660
|
+
}
|
661
|
+
MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH);
|
662
|
+
return buffer;
|
663
|
+
}
|
664
|
+
|
665
|
+
char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
|
666
|
+
SHA256_CTX context;
|
667
|
+
|
668
|
+
SHA256_Init(&context);
|
669
|
+
SHA256_Update(&context, data, len);
|
670
|
+
return SHA256_End(&context, digest);
|
671
|
+
}
|
672
|
+
|
673
|
+
|
674
|
+
/*** SHA-512: *********************************************************/
|
675
|
+
int SHA512_Init(SHA512_CTX* context) {
|
676
|
+
if (context == (SHA512_CTX*)0) {
|
677
|
+
return 0;
|
678
|
+
}
|
679
|
+
MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
|
680
|
+
MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
|
681
|
+
context->bitcount[0] = context->bitcount[1] = 0;
|
682
|
+
return 1;
|
683
|
+
}
|
684
|
+
|
685
|
+
#ifdef SHA2_UNROLL_TRANSFORM
|
686
|
+
|
687
|
+
/* Unrolled SHA-512 round macros: */
|
688
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
689
|
+
|
690
|
+
#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
|
691
|
+
REVERSE64(*data++, W512[j]); \
|
692
|
+
T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
|
693
|
+
K512[j] + W512[j]; \
|
694
|
+
(d) += T1, \
|
695
|
+
(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
|
696
|
+
j++
|
697
|
+
|
698
|
+
|
699
|
+
#else /* BYTE_ORDER == LITTLE_ENDIAN */
|
700
|
+
|
701
|
+
#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
|
702
|
+
T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
|
703
|
+
K512[j] + (W512[j] = *data++); \
|
704
|
+
(d) += T1; \
|
705
|
+
(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
|
706
|
+
j++
|
707
|
+
|
708
|
+
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
|
709
|
+
|
710
|
+
#define ROUND512(a,b,c,d,e,f,g,h) \
|
711
|
+
s0 = W512[(j+1)&0x0f]; \
|
712
|
+
s0 = sigma0_512(s0); \
|
713
|
+
s1 = W512[(j+14)&0x0f]; \
|
714
|
+
s1 = sigma1_512(s1); \
|
715
|
+
T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
|
716
|
+
(W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
|
717
|
+
(d) += T1; \
|
718
|
+
(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
|
719
|
+
j++
|
720
|
+
|
721
|
+
void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
|
722
|
+
sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
|
723
|
+
sha2_word64 T1, *W512 = (sha2_word64*)context->buffer;
|
724
|
+
int j;
|
725
|
+
|
726
|
+
/* Initialize registers with the prev. intermediate value */
|
727
|
+
a = context->state[0];
|
728
|
+
b = context->state[1];
|
729
|
+
c = context->state[2];
|
730
|
+
d = context->state[3];
|
731
|
+
e = context->state[4];
|
732
|
+
f = context->state[5];
|
733
|
+
g = context->state[6];
|
734
|
+
h = context->state[7];
|
735
|
+
|
736
|
+
j = 0;
|
737
|
+
do {
|
738
|
+
ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
|
739
|
+
ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
|
740
|
+
ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
|
741
|
+
ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
|
742
|
+
ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
|
743
|
+
ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
|
744
|
+
ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
|
745
|
+
ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
|
746
|
+
} while (j < 16);
|
747
|
+
|
748
|
+
/* Now for the remaining rounds up to 79: */
|
749
|
+
do {
|
750
|
+
ROUND512(a,b,c,d,e,f,g,h);
|
751
|
+
ROUND512(h,a,b,c,d,e,f,g);
|
752
|
+
ROUND512(g,h,a,b,c,d,e,f);
|
753
|
+
ROUND512(f,g,h,a,b,c,d,e);
|
754
|
+
ROUND512(e,f,g,h,a,b,c,d);
|
755
|
+
ROUND512(d,e,f,g,h,a,b,c);
|
756
|
+
ROUND512(c,d,e,f,g,h,a,b);
|
757
|
+
ROUND512(b,c,d,e,f,g,h,a);
|
758
|
+
} while (j < 80);
|
759
|
+
|
760
|
+
/* Compute the current intermediate hash value */
|
761
|
+
context->state[0] += a;
|
762
|
+
context->state[1] += b;
|
763
|
+
context->state[2] += c;
|
764
|
+
context->state[3] += d;
|
765
|
+
context->state[4] += e;
|
766
|
+
context->state[5] += f;
|
767
|
+
context->state[6] += g;
|
768
|
+
context->state[7] += h;
|
769
|
+
|
770
|
+
/* Clean up */
|
771
|
+
a = b = c = d = e = f = g = h = T1 = 0;
|
772
|
+
}
|
773
|
+
|
774
|
+
#else /* SHA2_UNROLL_TRANSFORM */
|
775
|
+
|
776
|
+
void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
|
777
|
+
sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
|
778
|
+
sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
|
779
|
+
int j;
|
780
|
+
|
781
|
+
/* Initialize registers with the prev. intermediate value */
|
782
|
+
a = context->state[0];
|
783
|
+
b = context->state[1];
|
784
|
+
c = context->state[2];
|
785
|
+
d = context->state[3];
|
786
|
+
e = context->state[4];
|
787
|
+
f = context->state[5];
|
788
|
+
g = context->state[6];
|
789
|
+
h = context->state[7];
|
790
|
+
|
791
|
+
j = 0;
|
792
|
+
do {
|
793
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
794
|
+
/* Convert TO host byte order */
|
795
|
+
REVERSE64(*data++, W512[j]);
|
796
|
+
/* Apply the SHA-512 compression function to update a..h */
|
797
|
+
T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
|
798
|
+
#else /* BYTE_ORDER == LITTLE_ENDIAN */
|
799
|
+
/* Apply the SHA-512 compression function to update a..h with copy */
|
800
|
+
T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
|
801
|
+
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
|
802
|
+
T2 = Sigma0_512(a) + Maj(a, b, c);
|
803
|
+
h = g;
|
804
|
+
g = f;
|
805
|
+
f = e;
|
806
|
+
e = d + T1;
|
807
|
+
d = c;
|
808
|
+
c = b;
|
809
|
+
b = a;
|
810
|
+
a = T1 + T2;
|
811
|
+
|
812
|
+
j++;
|
813
|
+
} while (j < 16);
|
814
|
+
|
815
|
+
do {
|
816
|
+
/* Part of the message block expansion: */
|
817
|
+
s0 = W512[(j+1)&0x0f];
|
818
|
+
s0 = sigma0_512(s0);
|
819
|
+
s1 = W512[(j+14)&0x0f];
|
820
|
+
s1 = sigma1_512(s1);
|
821
|
+
|
822
|
+
/* Apply the SHA-512 compression function to update a..h */
|
823
|
+
T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
|
824
|
+
(W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
|
825
|
+
T2 = Sigma0_512(a) + Maj(a, b, c);
|
826
|
+
h = g;
|
827
|
+
g = f;
|
828
|
+
f = e;
|
829
|
+
e = d + T1;
|
830
|
+
d = c;
|
831
|
+
c = b;
|
832
|
+
b = a;
|
833
|
+
a = T1 + T2;
|
834
|
+
|
835
|
+
j++;
|
836
|
+
} while (j < 80);
|
837
|
+
|
838
|
+
/* Compute the current intermediate hash value */
|
839
|
+
context->state[0] += a;
|
840
|
+
context->state[1] += b;
|
841
|
+
context->state[2] += c;
|
842
|
+
context->state[3] += d;
|
843
|
+
context->state[4] += e;
|
844
|
+
context->state[5] += f;
|
845
|
+
context->state[6] += g;
|
846
|
+
context->state[7] += h;
|
847
|
+
|
848
|
+
/* Clean up */
|
849
|
+
a = b = c = d = e = f = g = h = T1 = T2 = 0;
|
850
|
+
}
|
851
|
+
|
852
|
+
#endif /* SHA2_UNROLL_TRANSFORM */
|
853
|
+
|
854
|
+
void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
|
855
|
+
unsigned int freespace, usedspace;
|
856
|
+
|
857
|
+
if (len == 0) {
|
858
|
+
/* Calling with no data is valid - we do nothing */
|
859
|
+
return;
|
860
|
+
}
|
861
|
+
|
862
|
+
/* Sanity check: */
|
863
|
+
assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
|
864
|
+
|
865
|
+
usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
|
866
|
+
if (usedspace > 0) {
|
867
|
+
/* Calculate how much free space is available in the buffer */
|
868
|
+
freespace = SHA512_BLOCK_LENGTH - usedspace;
|
869
|
+
|
870
|
+
if (len >= freespace) {
|
871
|
+
/* Fill the buffer completely and process it */
|
872
|
+
MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
|
873
|
+
ADDINC128(context->bitcount, freespace << 3);
|
874
|
+
len -= freespace;
|
875
|
+
data += freespace;
|
876
|
+
SHA512_Transform(context, (sha2_word64*)context->buffer);
|
877
|
+
} else {
|
878
|
+
/* The buffer is not yet full */
|
879
|
+
MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
|
880
|
+
ADDINC128(context->bitcount, len << 3);
|
881
|
+
/* Clean up: */
|
882
|
+
usedspace = freespace = 0;
|
883
|
+
return;
|
884
|
+
}
|
885
|
+
}
|
886
|
+
while (len >= SHA512_BLOCK_LENGTH) {
|
887
|
+
/* Process as many complete blocks as we can */
|
888
|
+
MEMCPY_BCOPY(context->buffer, data, SHA512_BLOCK_LENGTH);
|
889
|
+
SHA512_Transform(context, (sha2_word64*)context->buffer);
|
890
|
+
ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
|
891
|
+
len -= SHA512_BLOCK_LENGTH;
|
892
|
+
data += SHA512_BLOCK_LENGTH;
|
893
|
+
}
|
894
|
+
if (len > 0) {
|
895
|
+
/* There's left-overs, so save 'em */
|
896
|
+
MEMCPY_BCOPY(context->buffer, data, len);
|
897
|
+
ADDINC128(context->bitcount, len << 3);
|
898
|
+
}
|
899
|
+
/* Clean up: */
|
900
|
+
usedspace = freespace = 0;
|
901
|
+
}
|
902
|
+
|
903
|
+
void SHA512_Last(SHA512_CTX* context) {
|
904
|
+
unsigned int usedspace;
|
905
|
+
|
906
|
+
usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
|
907
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
908
|
+
/* Convert FROM host byte order */
|
909
|
+
REVERSE64(context->bitcount[0],context->bitcount[0]);
|
910
|
+
REVERSE64(context->bitcount[1],context->bitcount[1]);
|
911
|
+
#endif
|
912
|
+
if (usedspace > 0) {
|
913
|
+
/* Begin padding with a 1 bit: */
|
914
|
+
context->buffer[usedspace++] = 0x80;
|
915
|
+
|
916
|
+
if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
|
917
|
+
/* Set-up for the last transform: */
|
918
|
+
MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
|
919
|
+
} else {
|
920
|
+
if (usedspace < SHA512_BLOCK_LENGTH) {
|
921
|
+
MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
|
922
|
+
}
|
923
|
+
/* Do second-to-last transform: */
|
924
|
+
SHA512_Transform(context, (sha2_word64*)context->buffer);
|
925
|
+
|
926
|
+
/* And set-up for the last transform: */
|
927
|
+
MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
|
928
|
+
}
|
929
|
+
} else {
|
930
|
+
/* Prepare for final transform: */
|
931
|
+
MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
|
932
|
+
|
933
|
+
/* Begin padding with a 1 bit: */
|
934
|
+
*context->buffer = 0x80;
|
935
|
+
}
|
936
|
+
/* Store the length of input data (in bits): */
|
937
|
+
MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH], &context->bitcount[1],
|
938
|
+
sizeof(sha2_word64));
|
939
|
+
MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8], &context->bitcount[0],
|
940
|
+
sizeof(sha2_word64));
|
941
|
+
|
942
|
+
/* Final transform: */
|
943
|
+
SHA512_Transform(context, (sha2_word64*)context->buffer);
|
944
|
+
}
|
945
|
+
|
946
|
+
int SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
|
947
|
+
sha2_word64 *d = (sha2_word64*)digest;
|
948
|
+
|
949
|
+
/* Sanity check: */
|
950
|
+
assert(context != (SHA512_CTX*)0);
|
951
|
+
|
952
|
+
/* If no digest buffer is passed, we don't bother doing this: */
|
953
|
+
if (digest != (sha2_byte*)0) {
|
954
|
+
SHA512_Last(context);
|
955
|
+
|
956
|
+
/* Save the hash data for output: */
|
957
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
958
|
+
{
|
959
|
+
/* Convert TO host byte order */
|
960
|
+
int j;
|
961
|
+
for (j = 0; j < 8; j++) {
|
962
|
+
REVERSE64(context->state[j],context->state[j]);
|
963
|
+
*d++ = context->state[j];
|
964
|
+
}
|
965
|
+
}
|
966
|
+
#else
|
967
|
+
MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
|
968
|
+
#endif
|
969
|
+
}
|
970
|
+
|
971
|
+
/* Zero out state data */
|
972
|
+
MEMSET_BZERO(context, sizeof(*context));
|
973
|
+
return 1;
|
974
|
+
}
|
975
|
+
|
976
|
+
char *SHA512_End(SHA512_CTX* context, char buffer[]) {
|
977
|
+
sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest;
|
978
|
+
int i;
|
979
|
+
|
980
|
+
/* Sanity check: */
|
981
|
+
assert(context != (SHA512_CTX*)0);
|
982
|
+
|
983
|
+
if (buffer != (char*)0) {
|
984
|
+
SHA512_Final(digest, context);
|
985
|
+
for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
|
986
|
+
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
987
|
+
*buffer++ = sha2_hex_digits[*d & 0x0f];
|
988
|
+
d++;
|
989
|
+
}
|
990
|
+
*buffer = (char)0;
|
991
|
+
} else {
|
992
|
+
MEMSET_BZERO(context, sizeof(*context));
|
993
|
+
}
|
994
|
+
MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH);
|
995
|
+
return buffer;
|
996
|
+
}
|
997
|
+
|
998
|
+
char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
|
999
|
+
SHA512_CTX context;
|
1000
|
+
|
1001
|
+
SHA512_Init(&context);
|
1002
|
+
SHA512_Update(&context, data, len);
|
1003
|
+
return SHA512_End(&context, digest);
|
1004
|
+
}
|
1005
|
+
|
1006
|
+
|
1007
|
+
/*** SHA-384: *********************************************************/
|
1008
|
+
int SHA384_Init(SHA384_CTX* context) {
|
1009
|
+
if (context == (SHA384_CTX*)0) {
|
1010
|
+
return 0;
|
1011
|
+
}
|
1012
|
+
MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
|
1013
|
+
MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH);
|
1014
|
+
context->bitcount[0] = context->bitcount[1] = 0;
|
1015
|
+
return 1;
|
1016
|
+
}
|
1017
|
+
|
1018
|
+
void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
|
1019
|
+
SHA512_Update((SHA512_CTX*)context, data, len);
|
1020
|
+
}
|
1021
|
+
|
1022
|
+
int SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
|
1023
|
+
sha2_word64 *d = (sha2_word64*)digest;
|
1024
|
+
|
1025
|
+
/* Sanity check: */
|
1026
|
+
assert(context != (SHA384_CTX*)0);
|
1027
|
+
|
1028
|
+
/* If no digest buffer is passed, we don't bother doing this: */
|
1029
|
+
if (digest != (sha2_byte*)0) {
|
1030
|
+
SHA512_Last((SHA512_CTX*)context);
|
1031
|
+
|
1032
|
+
/* Save the hash data for output: */
|
1033
|
+
#if BYTE_ORDER == LITTLE_ENDIAN
|
1034
|
+
{
|
1035
|
+
/* Convert TO host byte order */
|
1036
|
+
int j;
|
1037
|
+
for (j = 0; j < 6; j++) {
|
1038
|
+
REVERSE64(context->state[j],context->state[j]);
|
1039
|
+
*d++ = context->state[j];
|
1040
|
+
}
|
1041
|
+
}
|
1042
|
+
#else
|
1043
|
+
MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH);
|
1044
|
+
#endif
|
1045
|
+
}
|
1046
|
+
|
1047
|
+
/* Zero out state data */
|
1048
|
+
MEMSET_BZERO(context, sizeof(*context));
|
1049
|
+
return 1;
|
1050
|
+
}
|
1051
|
+
|
1052
|
+
char *SHA384_End(SHA384_CTX* context, char buffer[]) {
|
1053
|
+
sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest;
|
1054
|
+
int i;
|
1055
|
+
|
1056
|
+
/* Sanity check: */
|
1057
|
+
assert(context != (SHA384_CTX*)0);
|
1058
|
+
|
1059
|
+
if (buffer != (char*)0) {
|
1060
|
+
SHA384_Final(digest, context);
|
1061
|
+
for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
|
1062
|
+
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
|
1063
|
+
*buffer++ = sha2_hex_digits[*d & 0x0f];
|
1064
|
+
d++;
|
1065
|
+
}
|
1066
|
+
*buffer = (char)0;
|
1067
|
+
} else {
|
1068
|
+
MEMSET_BZERO(context, sizeof(*context));
|
1069
|
+
}
|
1070
|
+
MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH);
|
1071
|
+
return buffer;
|
1072
|
+
}
|
1073
|
+
|
1074
|
+
char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
|
1075
|
+
SHA384_CTX context;
|
1076
|
+
|
1077
|
+
SHA384_Init(&context);
|
1078
|
+
SHA384_Update(&context, data, len);
|
1079
|
+
return SHA384_End(&context, digest);
|
1080
|
+
}
|
1081
|
+
|