Ruby: ext/digest/sha2/sha2.c Source File

00001 /*
00002  * FILE:        sha2.c
00003  * AUTHOR:      Aaron D. Gifford - http://www.aarongifford.com/
00004  *
00005  * Copyright (c) 2000-2001, Aaron D. Gifford
00006  * All rights reserved.
00007  *
00008  * Redistribution and use in source and binary forms, with or without
00009  * modification, are permitted provided that the following conditions
00010  * are met:
00011  * 1. Redistributions of source code must retain the above copyright
00012  *    notice, this list of conditions and the following disclaimer.
00013  * 2. Redistributions in binary form must reproduce the above copyright
00014  *    notice, this list of conditions and the following disclaimer in the
00015  *    documentation and/or other materials provided with the distribution.
00016  * 3. Neither the name of the copyright holder nor the names of contributors
00017  *    may be used to endorse or promote products derived from this software
00018  *    without specific prior written permission.
00019  *
00020  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
00021  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00022  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00023  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
00024  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
00025  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
00026  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00027  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
00028  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
00029  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
00030  * SUCH DAMAGE.
00031  *
00032  * $OrigId: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
00033  * $RoughId: sha2.c,v 1.3 2002/02/26 22:03:36 knu Exp $
00034  * $Id: sha2.c 52797 2015-11-30 12:08:16Z usa $
00035  */
00036 
00037 #include "../defs.h"
00038 #include <string.h>     /* memcpy()/memset() or bcopy()/bzero() */
00039 #include <assert.h>     /* assert() */
00040 #include "sha2.h"
00041 
00042 /*
00043  * ASSERT NOTE:
00044  * Some sanity checking code is included using assert().  On my FreeBSD
00045  * system, this additional code can be removed by compiling with NDEBUG
00046  * defined.  Check your own systems manpage on assert() to see how to
00047  * compile WITHOUT the sanity checking code on your system.
00048  *
00049  * UNROLLED TRANSFORM LOOP NOTE:
00050  * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
00051  * loop version for the hash transform rounds (defined using macros
00052  * later in this file).  Either define on the command line, for example:
00053  *
00054  *   cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
00055  *
00056  * or define below:
00057  *
00058  *   #define SHA2_UNROLL_TRANSFORM
00059  *
00060  */
00061 
00062 
00063 /*** SHA-256/384/512 Machine Architecture Definitions *****************/
00064 /*
00065  * BYTE_ORDER NOTE:
00066  *
00067  * Please make sure that your system defines BYTE_ORDER.  If your
00068  * architecture is little-endian, make sure it also defines
00069  * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
00070  * equivilent.
00071  *
00072  * If your system does not define the above, then you can do so by
00073  * hand like this:
00074  *
00075  *   #define LITTLE_ENDIAN 1234
00076  *   #define BIG_ENDIAN    4321
00077  *
00078  * And for little-endian machines, add:
00079  *
00080  *   #define BYTE_ORDER LITTLE_ENDIAN
00081  *
00082  * Or for big-endian machines:
00083  *
00084  *   #define BYTE_ORDER BIG_ENDIAN
00085  *
00086  * The FreeBSD machine this was written on defines BYTE_ORDER
00087  * appropriately by including <sys/types.h> (which in turn includes
00088  * <machine/endian.h> where the appropriate definitions are actually
00089  * made).
00090  */
00091 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
00092 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
00093 #endif
00094 
00095 /*
00096  * Define the followingsha2_* types to types of the correct length on
00097  * the native archtecture.   Most BSD systems and Linux define u_intXX_t
00098  * types.  Machines with very recent ANSI C headers, can use the
00099  * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
00100  * during compile or in the sha.h header file.
00101  *
00102  * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
00103  * will need to define these three typedefs below (and the appropriate
00104  * ones in sha.h too) by hand according to their system architecture.
00105  *
00106  * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
00107  * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
00108  */
00109 #ifdef SHA2_USE_INTTYPES_H
00110 
00111 typedef uint8_t  sha2_byte;     /* Exactly 1 byte */
00112 typedef uint32_t sha2_word32;   /* Exactly 4 bytes */
00113 typedef uint64_t sha2_word64;   /* Exactly 8 bytes */
00114 
00115 #else /* SHA2_USE_INTTYPES_H */
00116 
00117 typedef u_int8_t  sha2_byte;    /* Exactly 1 byte */
00118 typedef u_int32_t sha2_word32;  /* Exactly 4 bytes */
00119 typedef u_int64_t sha2_word64;  /* Exactly 8 bytes */
00120 
00121 #endif /* SHA2_USE_INTTYPES_H */
00122 
00123 
00124 /*** SHA-256/384/512 Various Length Definitions ***********************/
00125 /* NOTE: Most of these are in sha2.h */
00126 #define SHA256_SHORT_BLOCK_LENGTH       (SHA256_BLOCK_LENGTH - 8)
00127 #define SHA384_SHORT_BLOCK_LENGTH       (SHA384_BLOCK_LENGTH - 16)
00128 #define SHA512_SHORT_BLOCK_LENGTH       (SHA512_BLOCK_LENGTH - 16)
00129 
00130 
00131 #if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || defined(__GNUC__) || defined(_HPUX_SOURCE) || defined(__IBMC__)
00132 #define ULL(number)     number##ULL
00133 #else
00134 #define ULL(number)     (uint64_t)(number)
00135 #endif
00136 /*** ENDIAN REVERSAL MACROS *******************************************/
00137 #if BYTE_ORDER == LITTLE_ENDIAN
00138 #define REVERSE32(w,x)  { \
00139         sha2_word32 tmp = (w); \
00140         tmp = (tmp >> 16) | (tmp << 16); \
00141         (x) = ((tmp & (sha2_word32)0xff00ff00UL) >> 8) | ((tmp & (sha2_word32)0x00ff00ffUL) << 8); \
00142 }
00143 #define REVERSE64(w,x)  { \
00144         sha2_word64 tmp = (w); \
00145         tmp = (tmp >> 32) | (tmp << 32); \
00146         tmp = ((tmp & ULL(0xff00ff00ff00ff00)) >> 8) | \
00147               ((tmp & ULL(0x00ff00ff00ff00ff)) << 8); \
00148         (x) = ((tmp & ULL(0xffff0000ffff0000)) >> 16) | \
00149               ((tmp & ULL(0x0000ffff0000ffff)) << 16); \
00150 }
00151 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
00152 
00153 /*
00154  * Macro for incrementally adding the unsigned 64-bit integer n to the
00155  * unsigned 128-bit integer (represented using a two-element array of
00156  * 64-bit words):
00157  */
00158 #define ADDINC128(w,n)  { \
00159         (w)[0] += (sha2_word64)(n); \
00160         if ((w)[0] < (n)) { \
00161                 (w)[1]++; \
00162         } \
00163 }
00164 
00165 /*
00166  * Macros for copying blocks of memory and for zeroing out ranges
00167  * of memory.  Using these macros makes it easy to switch from
00168  * using memset()/memcpy() and using bzero()/bcopy().
00169  *
00170  * Please define either SHA2_USE_MEMSET_MEMCPY or define
00171  * SHA2_USE_BZERO_BCOPY depending on which function set you
00172  * choose to use:
00173  */
00174 #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
00175 /* Default to memset()/memcpy() if no option is specified */
00176 #define SHA2_USE_MEMSET_MEMCPY  1
00177 #endif
00178 #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
00179 /* Abort with an error if BOTH options are defined */
00180 #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
00181 #endif
00182 
00183 #ifdef SHA2_USE_MEMSET_MEMCPY
00184 #define MEMSET_BZERO(p,l)       memset((p), 0, (l))
00185 #define MEMCPY_BCOPY(d,s,l)     memcpy((d), (s), (l))
00186 #endif
00187 #ifdef SHA2_USE_BZERO_BCOPY
00188 #define MEMSET_BZERO(p,l)       bzero((p), (l))
00189 #define MEMCPY_BCOPY(d,s,l)     bcopy((s), (d), (l))
00190 #endif
00191 
00192 
00193 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
00194 /*
00195  * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
00196  *
00197  *   NOTE:  The naming of R and S appears backwards here (R is a SHIFT and
00198  *   S is a ROTATION) because the SHA-256/384/512 description document
00199  *   (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
00200  *   same "backwards" definition.
00201  */
00202 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
00203 #define R(b,x)          ((x) >> (b))
00204 /* 32-bit Rotate-right (used in SHA-256): */
00205 #define S32(b,x)        (((x) >> (b)) | ((x) << (32 - (b))))
00206 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
00207 #define S64(b,x)        (((x) >> (b)) | ((x) << (64 - (b))))
00208 
00209 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
00210 #define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
00211 #define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
00212 
00213 /* Four of six logical functions used in SHA-256: */
00214 #define Sigma0_256(x)   (S32(2,  (x)) ^ S32(13, (x)) ^ S32(22, (x)))
00215 #define Sigma1_256(x)   (S32(6,  (x)) ^ S32(11, (x)) ^ S32(25, (x)))
00216 #define sigma0_256(x)   (S32(7,  (x)) ^ S32(18, (x)) ^ R(3 ,   (x)))
00217 #define sigma1_256(x)   (S32(17, (x)) ^ S32(19, (x)) ^ R(10,   (x)))
00218 
00219 /* Four of six logical functions used in SHA-384 and SHA-512: */
00220 #define Sigma0_512(x)   (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
00221 #define Sigma1_512(x)   (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
00222 #define sigma0_512(x)   (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7,   (x)))
00223 #define sigma1_512(x)   (S64(19, (x)) ^ S64(61, (x)) ^ R( 6,   (x)))
00224 
00225 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
00226 /* NOTE: These should not be accessed directly from outside this
00227  * library -- they are intended for private internal visibility/use
00228  * only.
00229  */
00230 void SHA512_Last(SHA512_CTX*);
00231 void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
00232 void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
00233 
00234 
00235 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
00236 /* Hash constant words K for SHA-256: */
00237 static const sha2_word32 K256[64] = {
00238         0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
00239         0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
00240         0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
00241         0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
00242         0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
00243         0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
00244         0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
00245         0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
00246         0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
00247         0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
00248         0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
00249         0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
00250         0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
00251         0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
00252         0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
00253         0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
00254 };
00255 
00256 /* Initial hash value H for SHA-256: */
00257 static const sha2_word32 sha256_initial_hash_value[8] = {
00258         0x6a09e667UL,
00259         0xbb67ae85UL,
00260         0x3c6ef372UL,
00261         0xa54ff53aUL,
00262         0x510e527fUL,
00263         0x9b05688cUL,
00264         0x1f83d9abUL,
00265         0x5be0cd19UL
00266 };
00267 
00268 /* Hash constant words K for SHA-384 and SHA-512: */
00269 static const sha2_word64 K512[80] = {
00270         ULL(0x428a2f98d728ae22), ULL(0x7137449123ef65cd),
00271         ULL(0xb5c0fbcfec4d3b2f), ULL(0xe9b5dba58189dbbc),
00272         ULL(0x3956c25bf348b538), ULL(0x59f111f1b605d019),
00273         ULL(0x923f82a4af194f9b), ULL(0xab1c5ed5da6d8118),
00274         ULL(0xd807aa98a3030242), ULL(0x12835b0145706fbe),
00275         ULL(0x243185be4ee4b28c), ULL(0x550c7dc3d5ffb4e2),
00276         ULL(0x72be5d74f27b896f), ULL(0x80deb1fe3b1696b1),
00277         ULL(0x9bdc06a725c71235), ULL(0xc19bf174cf692694),
00278         ULL(0xe49b69c19ef14ad2), ULL(0xefbe4786384f25e3),
00279         ULL(0x0fc19dc68b8cd5b5), ULL(0x240ca1cc77ac9c65),
00280         ULL(0x2de92c6f592b0275), ULL(0x4a7484aa6ea6e483),
00281         ULL(0x5cb0a9dcbd41fbd4), ULL(0x76f988da831153b5),
00282         ULL(0x983e5152ee66dfab), ULL(0xa831c66d2db43210),
00283         ULL(0xb00327c898fb213f), ULL(0xbf597fc7beef0ee4),
00284         ULL(0xc6e00bf33da88fc2), ULL(0xd5a79147930aa725),
00285         ULL(0x06ca6351e003826f), ULL(0x142929670a0e6e70),
00286         ULL(0x27b70a8546d22ffc), ULL(0x2e1b21385c26c926),
00287         ULL(0x4d2c6dfc5ac42aed), ULL(0x53380d139d95b3df),
00288         ULL(0x650a73548baf63de), ULL(0x766a0abb3c77b2a8),
00289         ULL(0x81c2c92e47edaee6), ULL(0x92722c851482353b),
00290         ULL(0xa2bfe8a14cf10364), ULL(0xa81a664bbc423001),
00291         ULL(0xc24b8b70d0f89791), ULL(0xc76c51a30654be30),
00292         ULL(0xd192e819d6ef5218), ULL(0xd69906245565a910),
00293         ULL(0xf40e35855771202a), ULL(0x106aa07032bbd1b8),
00294         ULL(0x19a4c116b8d2d0c8), ULL(0x1e376c085141ab53),
00295         ULL(0x2748774cdf8eeb99), ULL(0x34b0bcb5e19b48a8),
00296         ULL(0x391c0cb3c5c95a63), ULL(0x4ed8aa4ae3418acb),
00297         ULL(0x5b9cca4f7763e373), ULL(0x682e6ff3d6b2b8a3),
00298         ULL(0x748f82ee5defb2fc), ULL(0x78a5636f43172f60),
00299         ULL(0x84c87814a1f0ab72), ULL(0x8cc702081a6439ec),
00300         ULL(0x90befffa23631e28), ULL(0xa4506cebde82bde9),
00301         ULL(0xbef9a3f7b2c67915), ULL(0xc67178f2e372532b),
00302         ULL(0xca273eceea26619c), ULL(0xd186b8c721c0c207),
00303         ULL(0xeada7dd6cde0eb1e), ULL(0xf57d4f7fee6ed178),
00304         ULL(0x06f067aa72176fba), ULL(0x0a637dc5a2c898a6),
00305         ULL(0x113f9804bef90dae), ULL(0x1b710b35131c471b),
00306         ULL(0x28db77f523047d84), ULL(0x32caab7b40c72493),
00307         ULL(0x3c9ebe0a15c9bebc), ULL(0x431d67c49c100d4c),
00308         ULL(0x4cc5d4becb3e42b6), ULL(0x597f299cfc657e2a),
00309         ULL(0x5fcb6fab3ad6faec), ULL(0x6c44198c4a475817)
00310 };
00311 
00312 /* Initial hash value H for SHA-384 */
00313 static const sha2_word64 sha384_initial_hash_value[8] = {
00314         ULL(0xcbbb9d5dc1059ed8),
00315         ULL(0x629a292a367cd507),
00316         ULL(0x9159015a3070dd17),
00317         ULL(0x152fecd8f70e5939),
00318         ULL(0x67332667ffc00b31),
00319         ULL(0x8eb44a8768581511),
00320         ULL(0xdb0c2e0d64f98fa7),
00321         ULL(0x47b5481dbefa4fa4)
00322 };
00323 
00324 /* Initial hash value H for SHA-512 */
00325 static const sha2_word64 sha512_initial_hash_value[8] = {
00326         ULL(0x6a09e667f3bcc908),
00327         ULL(0xbb67ae8584caa73b),
00328         ULL(0x3c6ef372fe94f82b),
00329         ULL(0xa54ff53a5f1d36f1),
00330         ULL(0x510e527fade682d1),
00331         ULL(0x9b05688c2b3e6c1f),
00332         ULL(0x1f83d9abfb41bd6b),
00333         ULL(0x5be0cd19137e2179)
00334 };
00335 
00336 /*
00337  * Constant used by SHA256/384/512_End() functions for converting the
00338  * digest to a readable hexadecimal character string:
00339  */
00340 static const char *sha2_hex_digits = "0123456789abcdef";
00341 
00342 
00343 /*** SHA-256: *********************************************************/
00344 void SHA256_Init(SHA256_CTX* context) {
00345         if (context == (SHA256_CTX*)0) {
00346                 return;
00347         }
00348         MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
00349         MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
00350         context->bitcount = 0;
00351 }
00352 
00353 #ifdef SHA2_UNROLL_TRANSFORM
00354 
00355 /* Unrolled SHA-256 round macros: */
00356 
00357 #if BYTE_ORDER == LITTLE_ENDIAN
00358 
00359 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)       \
00360         REVERSE32(*data++, W256[j]); \
00361         T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
00362              K256[j] + W256[j]; \
00363         (d) += T1; \
00364         (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
00365         j++
00366 
00367 
00368 #else /* BYTE_ORDER == LITTLE_ENDIAN */
00369 
00370 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)       \
00371         T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
00372              K256[j] + (W256[j] = *data++); \
00373         (d) += T1; \
00374         (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
00375         j++
00376 
00377 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
00378 
00379 #define ROUND256(a,b,c,d,e,f,g,h)       \
00380         s0 = W256[(j+1)&0x0f]; \
00381         s0 = sigma0_256(s0); \
00382         s1 = W256[(j+14)&0x0f]; \
00383         s1 = sigma1_256(s1); \
00384         T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
00385              (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
00386         (d) += T1; \
00387         (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
00388         j++
00389 
00390 void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
00391         sha2_word32     a, b, c, d, e, f, g, h, s0, s1;
00392         sha2_word32     T1, *W256;
00393         int             j;
00394 
00395         W256 = (sha2_word32*)context->buffer;
00396 
00397         /* Initialize registers with the prev. intermediate value */
00398         a = context->state[0];
00399         b = context->state[1];
00400         c = context->state[2];
00401         d = context->state[3];
00402         e = context->state[4];
00403         f = context->state[5];
00404         g = context->state[6];
00405         h = context->state[7];
00406 
00407         j = 0;
00408         do {
00409                 /* Rounds 0 to 15 (unrolled): */
00410                 ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
00411                 ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
00412                 ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
00413                 ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
00414                 ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
00415                 ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
00416                 ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
00417                 ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
00418         } while (j < 16);
00419 
00420         /* Now for the remaining rounds to 64: */
00421         do {
00422                 ROUND256(a,b,c,d,e,f,g,h);
00423                 ROUND256(h,a,b,c,d,e,f,g);
00424                 ROUND256(g,h,a,b,c,d,e,f);
00425                 ROUND256(f,g,h,a,b,c,d,e);
00426                 ROUND256(e,f,g,h,a,b,c,d);
00427                 ROUND256(d,e,f,g,h,a,b,c);
00428                 ROUND256(c,d,e,f,g,h,a,b);
00429                 ROUND256(b,c,d,e,f,g,h,a);
00430         } while (j < 64);
00431 
00432         /* Compute the current intermediate hash value */
00433         context->state[0] += a;
00434         context->state[1] += b;
00435         context->state[2] += c;
00436         context->state[3] += d;
00437         context->state[4] += e;
00438         context->state[5] += f;
00439         context->state[6] += g;
00440         context->state[7] += h;
00441 
00442         /* Clean up */
00443         a = b = c = d = e = f = g = h = T1 = 0;
00444 }
00445 
00446 #else /* SHA2_UNROLL_TRANSFORM */
00447 
00448 void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
00449         sha2_word32     a, b, c, d, e, f, g, h, s0, s1;
00450         sha2_word32     T1, T2, *W256;
00451         int             j;
00452 
00453         W256 = (sha2_word32*)context->buffer;
00454 
00455         /* Initialize registers with the prev. intermediate value */
00456         a = context->state[0];
00457         b = context->state[1];
00458         c = context->state[2];
00459         d = context->state[3];
00460         e = context->state[4];
00461         f = context->state[5];
00462         g = context->state[6];
00463         h = context->state[7];
00464 
00465         j = 0;
00466         do {
00467 #if BYTE_ORDER == LITTLE_ENDIAN
00468                 /* Copy data while converting to host byte order */
00469                 REVERSE32(*data++,W256[j]);
00470                 /* Apply the SHA-256 compression function to update a..h */
00471                 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
00472 #else /* BYTE_ORDER == LITTLE_ENDIAN */
00473                 /* Apply the SHA-256 compression function to update a..h with copy */
00474                 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
00475 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
00476                 T2 = Sigma0_256(a) + Maj(a, b, c);
00477                 h = g;
00478                 g = f;
00479                 f = e;
00480                 e = d + T1;
00481                 d = c;
00482                 c = b;
00483                 b = a;
00484                 a = T1 + T2;
00485 
00486                 j++;
00487         } while (j < 16);
00488 
00489         do {
00490                 /* Part of the message block expansion: */
00491                 s0 = W256[(j+1)&0x0f];
00492                 s0 = sigma0_256(s0);
00493                 s1 = W256[(j+14)&0x0f];
00494                 s1 = sigma1_256(s1);
00495 
00496                 /* Apply the SHA-256 compression function to update a..h */
00497                 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
00498                      (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
00499                 T2 = Sigma0_256(a) + Maj(a, b, c);
00500                 h = g;
00501                 g = f;
00502                 f = e;
00503                 e = d + T1;
00504                 d = c;
00505                 c = b;
00506                 b = a;
00507                 a = T1 + T2;
00508 
00509                 j++;
00510         } while (j < 64);
00511 
00512         /* Compute the current intermediate hash value */
00513         context->state[0] += a;
00514         context->state[1] += b;
00515         context->state[2] += c;
00516         context->state[3] += d;
00517         context->state[4] += e;
00518         context->state[5] += f;
00519         context->state[6] += g;
00520         context->state[7] += h;
00521 
00522         /* Clean up */
00523         a = b = c = d = e = f = g = h = T1 = T2 = 0;
00524 }
00525 
00526 #endif /* SHA2_UNROLL_TRANSFORM */
00527 
00528 void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
00529         unsigned int    freespace, usedspace;
00530 
00531         if (len == 0) {
00532                 /* Calling with no data is valid - we do nothing */
00533                 return;
00534         }
00535 
00536         /* Sanity check: */
00537         assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0);
00538 
00539         usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
00540         if (usedspace > 0) {
00541                 /* Calculate how much free space is available in the buffer */
00542                 freespace = SHA256_BLOCK_LENGTH - usedspace;
00543 
00544                 if (len >= freespace) {
00545                         /* Fill the buffer completely and process it */
00546                         MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
00547                         context->bitcount += freespace << 3;
00548                         len -= freespace;
00549                         data += freespace;
00550                         SHA256_Transform(context, (sha2_word32*)context->buffer);
00551                 } else {
00552                         /* The buffer is not yet full */
00553                         MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
00554                         context->bitcount += len << 3;
00555                         /* Clean up: */
00556                         usedspace = freespace = 0;
00557                         return;
00558                 }
00559         }
00560         while (len >= SHA256_BLOCK_LENGTH) {
00561                 /* Process as many complete blocks as we can */
00562                 MEMCPY_BCOPY(context->buffer, data, SHA256_BLOCK_LENGTH);
00563                 SHA256_Transform(context, (sha2_word32*)context->buffer);
00564                 context->bitcount += SHA256_BLOCK_LENGTH << 3;
00565                 len -= SHA256_BLOCK_LENGTH;
00566                 data += SHA256_BLOCK_LENGTH;
00567         }
00568         if (len > 0) {
00569                 /* There's left-overs, so save 'em */
00570                 MEMCPY_BCOPY(context->buffer, data, len);
00571                 context->bitcount += len << 3;
00572         }
00573         /* Clean up: */
00574         usedspace = freespace = 0;
00575 }
00576 
00577 void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
00578         sha2_word32     *d = (sha2_word32*)digest;
00579         unsigned int    usedspace;
00580 
00581         /* Sanity check: */
00582         assert(context != (SHA256_CTX*)0);
00583 
00584         /* If no digest buffer is passed, we don't bother doing this: */
00585         if (digest != (sha2_byte*)0) {
00586                 usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
00587 #if BYTE_ORDER == LITTLE_ENDIAN
00588                 /* Convert FROM host byte order */
00589                 REVERSE64(context->bitcount,context->bitcount);
00590 #endif
00591                 if (usedspace > 0) {
00592                         /* Begin padding with a 1 bit: */
00593                         context->buffer[usedspace++] = 0x80;
00594 
00595                         if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
00596                                 /* Set-up for the last transform: */
00597                                 MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
00598                         } else {
00599                                 if (usedspace < SHA256_BLOCK_LENGTH) {
00600                                         MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
00601                                 }
00602                                 /* Do second-to-last transform: */
00603                                 SHA256_Transform(context, (sha2_word32*)context->buffer);
00604 
00605                                 /* And set-up for the last transform: */
00606                                 MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
00607                         }
00608                 } else {
00609                         /* Set-up for the last transform: */
00610                         MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
00611 
00612                         /* Begin padding with a 1 bit: */
00613                         *context->buffer = 0x80;
00614                 }
00615                 /* Set the bit count: */
00616                 MEMCPY_BCOPY(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], &context->bitcount,
00617                              sizeof(sha2_word64));
00618 
00619                 /* Final transform: */
00620                 SHA256_Transform(context, (sha2_word32*)context->buffer);
00621 
00622 #if BYTE_ORDER == LITTLE_ENDIAN
00623                 {
00624                         /* Convert TO host byte order */
00625                         int     j;
00626                         for (j = 0; j < 8; j++) {
00627                                 REVERSE32(context->state[j],context->state[j]);
00628                                 *d++ = context->state[j];
00629                         }
00630                 }
00631 #else
00632                 MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH);
00633 #endif
00634         }
00635 
00636         /* Clean up state data: */
00637         MEMSET_BZERO(context, sizeof(*context));
00638         usedspace = 0;
00639 }
00640 
00641 char *SHA256_End(SHA256_CTX* context, char buffer[]) {
00642         sha2_byte       digest[SHA256_DIGEST_LENGTH], *d = digest;
00643         int             i;
00644 
00645         /* Sanity check: */
00646         assert(context != (SHA256_CTX*)0);
00647 
00648         if (buffer != (char*)0) {
00649                 SHA256_Final(digest, context);
00650                 for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
00651                         *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
00652                         *buffer++ = sha2_hex_digits[*d & 0x0f];
00653                         d++;
00654                 }
00655                 *buffer = (char)0;
00656         } else {
00657                 MEMSET_BZERO(context, sizeof(*context));
00658         }
00659         MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH);
00660         return buffer;
00661 }
00662 
00663 char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
00664         SHA256_CTX      context;
00665 
00666         SHA256_Init(&context);
00667         SHA256_Update(&context, data, len);
00668         return SHA256_End(&context, digest);
00669 }
00670 
00671 
00672 /*** SHA-512: *********************************************************/
00673 void SHA512_Init(SHA512_CTX* context) {
00674         if (context == (SHA512_CTX*)0) {
00675                 return;
00676         }
00677         MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
00678         MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
00679         context->bitcount[0] = context->bitcount[1] =  0;
00680 }
00681 
00682 #ifdef SHA2_UNROLL_TRANSFORM
00683 
00684 /* Unrolled SHA-512 round macros: */
00685 #if BYTE_ORDER == LITTLE_ENDIAN
00686 
00687 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)       \
00688         REVERSE64(*data++, W512[j]); \
00689         T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
00690              K512[j] + W512[j]; \
00691         (d) += T1, \
00692         (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
00693         j++
00694 
00695 
00696 #else /* BYTE_ORDER == LITTLE_ENDIAN */
00697 
00698 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)       \
00699         T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
00700              K512[j] + (W512[j] = *data++); \
00701         (d) += T1; \
00702         (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
00703         j++
00704 
00705 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
00706 
00707 #define ROUND512(a,b,c,d,e,f,g,h)       \
00708         s0 = W512[(j+1)&0x0f]; \
00709         s0 = sigma0_512(s0); \
00710         s1 = W512[(j+14)&0x0f]; \
00711         s1 = sigma1_512(s1); \
00712         T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
00713              (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
00714         (d) += T1; \
00715         (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
00716         j++
00717 
00718 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
00719         sha2_word64     a, b, c, d, e, f, g, h, s0, s1;
00720         sha2_word64     T1, *W512 = (sha2_word64*)context->buffer;
00721         int             j;
00722 
00723         /* Initialize registers with the prev. intermediate value */
00724         a = context->state[0];
00725         b = context->state[1];
00726         c = context->state[2];
00727         d = context->state[3];
00728         e = context->state[4];
00729         f = context->state[5];
00730         g = context->state[6];
00731         h = context->state[7];
00732 
00733         j = 0;
00734         do {
00735                 ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
00736                 ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
00737                 ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
00738                 ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
00739                 ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
00740                 ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
00741                 ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
00742                 ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
00743         } while (j < 16);
00744 
00745         /* Now for the remaining rounds up to 79: */
00746         do {
00747                 ROUND512(a,b,c,d,e,f,g,h);
00748                 ROUND512(h,a,b,c,d,e,f,g);
00749                 ROUND512(g,h,a,b,c,d,e,f);
00750                 ROUND512(f,g,h,a,b,c,d,e);
00751                 ROUND512(e,f,g,h,a,b,c,d);
00752                 ROUND512(d,e,f,g,h,a,b,c);
00753                 ROUND512(c,d,e,f,g,h,a,b);
00754                 ROUND512(b,c,d,e,f,g,h,a);
00755         } while (j < 80);
00756 
00757         /* Compute the current intermediate hash value */
00758         context->state[0] += a;
00759         context->state[1] += b;
00760         context->state[2] += c;
00761         context->state[3] += d;
00762         context->state[4] += e;
00763         context->state[5] += f;
00764         context->state[6] += g;
00765         context->state[7] += h;
00766 
00767         /* Clean up */
00768         a = b = c = d = e = f = g = h = T1 = 0;
00769 }
00770 
00771 #else /* SHA2_UNROLL_TRANSFORM */
00772 
00773 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
00774         sha2_word64     a, b, c, d, e, f, g, h, s0, s1;
00775         sha2_word64     T1, T2, *W512 = (sha2_word64*)context->buffer;
00776         int             j;
00777 
00778         /* Initialize registers with the prev. intermediate value */
00779         a = context->state[0];
00780         b = context->state[1];
00781         c = context->state[2];
00782         d = context->state[3];
00783         e = context->state[4];
00784         f = context->state[5];
00785         g = context->state[6];
00786         h = context->state[7];
00787 
00788         j = 0;
00789         do {
00790 #if BYTE_ORDER == LITTLE_ENDIAN
00791                 /* Convert TO host byte order */
00792                 REVERSE64(*data++, W512[j]);
00793                 /* Apply the SHA-512 compression function to update a..h */
00794                 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
00795 #else /* BYTE_ORDER == LITTLE_ENDIAN */
00796                 /* Apply the SHA-512 compression function to update a..h with copy */
00797                 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
00798 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
00799                 T2 = Sigma0_512(a) + Maj(a, b, c);
00800                 h = g;
00801                 g = f;
00802                 f = e;
00803                 e = d + T1;
00804                 d = c;
00805                 c = b;
00806                 b = a;
00807                 a = T1 + T2;
00808 
00809                 j++;
00810         } while (j < 16);
00811 
00812         do {
00813                 /* Part of the message block expansion: */
00814                 s0 = W512[(j+1)&0x0f];
00815                 s0 = sigma0_512(s0);
00816                 s1 = W512[(j+14)&0x0f];
00817                 s1 =  sigma1_512(s1);
00818 
00819                 /* Apply the SHA-512 compression function to update a..h */
00820                 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
00821                      (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
00822                 T2 = Sigma0_512(a) + Maj(a, b, c);
00823                 h = g;
00824                 g = f;
00825                 f = e;
00826                 e = d + T1;
00827                 d = c;
00828                 c = b;
00829                 b = a;
00830                 a = T1 + T2;
00831 
00832                 j++;
00833         } while (j < 80);
00834 
00835         /* Compute the current intermediate hash value */
00836         context->state[0] += a;
00837         context->state[1] += b;
00838         context->state[2] += c;
00839         context->state[3] += d;
00840         context->state[4] += e;
00841         context->state[5] += f;
00842         context->state[6] += g;
00843         context->state[7] += h;
00844 
00845         /* Clean up */
00846         a = b = c = d = e = f = g = h = T1 = T2 = 0;
00847 }
00848 
00849 #endif /* SHA2_UNROLL_TRANSFORM */
00850 
00851 void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
00852         unsigned int    freespace, usedspace;
00853 
00854         if (len == 0) {
00855                 /* Calling with no data is valid - we do nothing */
00856                 return;
00857         }
00858 
00859         /* Sanity check: */
00860         assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
00861 
00862         usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
00863         if (usedspace > 0) {
00864                 /* Calculate how much free space is available in the buffer */
00865                 freespace = SHA512_BLOCK_LENGTH - usedspace;
00866 
00867                 if (len >= freespace) {
00868                         /* Fill the buffer completely and process it */
00869                         MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
00870                         ADDINC128(context->bitcount, freespace << 3);
00871                         len -= freespace;
00872                         data += freespace;
00873                         SHA512_Transform(context, (sha2_word64*)context->buffer);
00874                 } else {
00875                         /* The buffer is not yet full */
00876                         MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
00877                         ADDINC128(context->bitcount, len << 3);
00878                         /* Clean up: */
00879                         usedspace = freespace = 0;
00880                         return;
00881                 }
00882         }
00883         while (len >= SHA512_BLOCK_LENGTH) {
00884                 /* Process as many complete blocks as we can */
00885                 MEMCPY_BCOPY(context->buffer, data, SHA512_BLOCK_LENGTH);
00886                 SHA512_Transform(context, (sha2_word64*)context->buffer);
00887                 ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
00888                 len -= SHA512_BLOCK_LENGTH;
00889                 data += SHA512_BLOCK_LENGTH;
00890         }
00891         if (len > 0) {
00892                 /* There's left-overs, so save 'em */
00893                 MEMCPY_BCOPY(context->buffer, data, len);
00894                 ADDINC128(context->bitcount, len << 3);
00895         }
00896         /* Clean up: */
00897         usedspace = freespace = 0;
00898 }
00899 
00900 void SHA512_Last(SHA512_CTX* context) {
00901         unsigned int    usedspace;
00902 
00903         usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
00904 #if BYTE_ORDER == LITTLE_ENDIAN
00905         /* Convert FROM host byte order */
00906         REVERSE64(context->bitcount[0],context->bitcount[0]);
00907         REVERSE64(context->bitcount[1],context->bitcount[1]);
00908 #endif
00909         if (usedspace > 0) {
00910                 /* Begin padding with a 1 bit: */
00911                 context->buffer[usedspace++] = 0x80;
00912 
00913                 if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
00914                         /* Set-up for the last transform: */
00915                         MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
00916                 } else {
00917                         if (usedspace < SHA512_BLOCK_LENGTH) {
00918                                 MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
00919                         }
00920                         /* Do second-to-last transform: */
00921                         SHA512_Transform(context, (sha2_word64*)context->buffer);
00922 
00923                         /* And set-up for the last transform: */
00924                         MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
00925                 }
00926         } else {
00927                 /* Prepare for final transform: */
00928                 MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
00929 
00930                 /* Begin padding with a 1 bit: */
00931                 *context->buffer = 0x80;
00932         }
00933         /* Store the length of input data (in bits): */
00934         MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH], &context->bitcount[1],
00935                      sizeof(sha2_word64));
00936         MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8], &context->bitcount[0],
00937                      sizeof(sha2_word64));
00938 
00939         /* Final transform: */
00940         SHA512_Transform(context, (sha2_word64*)context->buffer);
00941 }
00942 
00943 void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
00944         sha2_word64     *d = (sha2_word64*)digest;
00945 
00946         /* Sanity check: */
00947         assert(context != (SHA512_CTX*)0);
00948 
00949         /* If no digest buffer is passed, we don't bother doing this: */
00950         if (digest != (sha2_byte*)0) {
00951                 SHA512_Last(context);
00952 
00953                 /* Save the hash data for output: */
00954 #if BYTE_ORDER == LITTLE_ENDIAN
00955                 {
00956                         /* Convert TO host byte order */
00957                         int     j;
00958                         for (j = 0; j < 8; j++) {
00959                                 REVERSE64(context->state[j],context->state[j]);
00960                                 *d++ = context->state[j];
00961                         }
00962                 }
00963 #else
00964                 MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
00965 #endif
00966         }
00967 
00968         /* Zero out state data */
00969         MEMSET_BZERO(context, sizeof(*context));
00970 }
00971 
00972 char *SHA512_End(SHA512_CTX* context, char buffer[]) {
00973         sha2_byte       digest[SHA512_DIGEST_LENGTH], *d = digest;
00974         int             i;
00975 
00976         /* Sanity check: */
00977         assert(context != (SHA512_CTX*)0);
00978 
00979         if (buffer != (char*)0) {
00980                 SHA512_Final(digest, context);
00981                 for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
00982                         *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
00983                         *buffer++ = sha2_hex_digits[*d & 0x0f];
00984                         d++;
00985                 }
00986                 *buffer = (char)0;
00987         } else {
00988                 MEMSET_BZERO(context, sizeof(*context));
00989         }
00990         MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH);
00991         return buffer;
00992 }
00993 
00994 char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
00995         SHA512_CTX      context;
00996 
00997         SHA512_Init(&context);
00998         SHA512_Update(&context, data, len);
00999         return SHA512_End(&context, digest);
01000 }
01001 
01002 
01003 /*** SHA-384: *********************************************************/
01004 void SHA384_Init(SHA384_CTX* context) {
01005         if (context == (SHA384_CTX*)0) {
01006                 return;
01007         }
01008         MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
01009         MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH);
01010         context->bitcount[0] = context->bitcount[1] = 0;
01011 }
01012 
01013 void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
01014         SHA512_Update((SHA512_CTX*)context, data, len);
01015 }
01016 
01017 void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
01018         sha2_word64     *d = (sha2_word64*)digest;
01019 
01020         /* Sanity check: */
01021         assert(context != (SHA384_CTX*)0);
01022 
01023         /* If no digest buffer is passed, we don't bother doing this: */
01024         if (digest != (sha2_byte*)0) {
01025                 SHA512_Last((SHA512_CTX*)context);
01026 
01027                 /* Save the hash data for output: */
01028 #if BYTE_ORDER == LITTLE_ENDIAN
01029                 {
01030                         /* Convert TO host byte order */
01031                         int     j;
01032                         for (j = 0; j < 6; j++) {
01033                                 REVERSE64(context->state[j],context->state[j]);
01034                                 *d++ = context->state[j];
01035                         }
01036                 }
01037 #else
01038                 MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH);
01039 #endif
01040         }
01041 
01042         /* Zero out state data */
01043         MEMSET_BZERO(context, sizeof(*context));
01044 }
01045 
01046 char *SHA384_End(SHA384_CTX* context, char buffer[]) {
01047         sha2_byte       digest[SHA384_DIGEST_LENGTH], *d = digest;
01048         int             i;
01049 
01050         /* Sanity check: */
01051         assert(context != (SHA384_CTX*)0);
01052 
01053         if (buffer != (char*)0) {
01054                 SHA384_Final(digest, context);
01055                 for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
01056                         *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
01057                         *buffer++ = sha2_hex_digits[*d & 0x0f];
01058                         d++;
01059                 }
01060                 *buffer = (char)0;
01061         } else {
01062                 MEMSET_BZERO(context, sizeof(*context));
01063         }
01064         MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH);
01065         return buffer;
01066 }
01067 
01068 char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
01069         SHA384_CTX      context;
01070 
01071         SHA384_Init(&context);
01072         SHA384_Update(&context, data, len);
01073         return SHA384_End(&context, digest);
01074 }
01075 
01076