CoCalc -- sum-sha2.c

GitHub Repository: att/ast
Path: blob/master/src/lib/libsum/sum-sha2.c
¹⁸⁰⁸ views
1
#pragma prototyped
2

3
#if _typ_int64_t
4

5
/*
6
 * Aaron D. Gifford's SHA {256,384,512} code transcribed into a -lsum method
7
 * with bitcount[] order reversed to allow a single noalias buffer copy
8
 */
9

10
/*
11
 * Copyright (c) 2000-2001, Aaron D. Gifford
12
 * All rights reserved.
13
 *
14
 * Redistribution and use in source and binary forms, with or without
15
 * modification, are permitted provided that the following conditions
16
 * are met:
17
 * 1. Redistributions of source code must retain the above copyright
18
 *    notice, this list of conditions and the following disclaimer.
19
 * 2. Redistributions in binary form must reproduce the above copyright
20
 *    notice, this list of conditions and the following disclaimer in the
21
 *    documentation and/or other materials provided with the distribution.
22
 * 3. Neither the name of the copyright holder nor the names of contributors
23
 *    may be used to endorse or promote products derived from this software
24
 *    without specific prior written permission.
25
 * 
26
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
27
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
28
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
29
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
30
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
31
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
32
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
33
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
34
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
35
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
36
 * SUCH DAMAGE.
37
 */
38

39
/*
40
 * ASSERT NOTE:
41
 * Some sanity checking code is included using assert().  On my FreeBSD
42
 * system, this additional code can be removed by compiling with NDEBUG
43
 * defined.  Check your own systems manpage on assert() to see how to
44
 * compile WITHOUT the sanity checking code on your system.
45
 *
46
 * UNROLLED TRANSFORM LOOP NOTE:
47
 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
48
 * loop version for the hash transform rounds (defined using macros
49
 * later in this file).  Either define on the command line, for example:
50
 *
51
 *   cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
52
 *
53
 * or define below:
54
 *
55
 *   #define SHA2_UNROLL_TRANSFORM
56
 *
57
 */
58

59
/*** SHA-256/384/512 Machine Architecture Definitions *****************/
60

61
#if _PACKAGE_ast
62

63
#ifndef __USE_BSD
64
#define __undef__USE_BSD
65
#define __USE_BSD
66
#endif
67
#include <endian.h>
68
#ifdef	__undef__USE_BSD
69
#undef	__undef__USE_BSD
70
#undef	__USE_BSD
71
#endif
72

73
typedef  uint8_t sha2_byte;	/* Exactly 1 byte */
74
typedef uint32_t sha2_word32;	/* Exactly 4 bytes */
75
typedef uint64_t sha2_word64;	/* Exactly 8 bytes */
76

77
#define assert(x)
78

79
#undef	R
80
#undef	S32
81
#undef	S64
82

83
#else /* _PACKAGE_ast */
84

85
/*
86
 * BYTE_ORDER NOTE:
87
 *
88
 * Please make sure that your system defines BYTE_ORDER.  If your
89
 * architecture is little-endian, make sure it also defines
90
 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
91
 * equivilent.
92
 *
93
 * If your system does not define the above, then you can do so by
94
 * hand like this:
95
 *
96
 *   #define LITTLE_ENDIAN 1234
97
 *   #define BIG_ENDIAN    4321
98
 *
99
 * And for little-endian machines, add:
100
 *
101
 *   #define BYTE_ORDER LITTLE_ENDIAN 
102
 *
103
 * Or for big-endian machines:
104
 *
105
 *   #define BYTE_ORDER BIG_ENDIAN
106
 *
107
 * The FreeBSD machine this was written on defines BYTE_ORDER
108
 * appropriately by including <sys/types.h> (which in turn includes
109
 * <machine/endian.h> where the appropriate definitions are actually
110
 * made).
111
 */
112

113
#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
114
#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
115
#endif
116

117
/*
118
 * Define the following sha2_* types to types of the correct length on
119
 * the native archtecture.   Most BSD systems and Linux define u_intXX_t
120
 * types.  Machines with very recent ANSI C headers, can use the
121
 * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
122
 * during compile or in the sha.h header file.
123
 *
124
 * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
125
 * will need to define these three typedefs below (and the appropriate
126
 * ones in sha.h too) by hand according to their system architecture.
127
 *
128
 * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
129
 * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
130
 */
131

132
#ifdef SHA2_USE_INTTYPES_H
133

134
typedef uint8_t  sha2_byte;	/* Exactly 1 byte */
135
typedef uint32_t sha2_word32;	/* Exactly 4 bytes */
136
typedef uint64_t sha2_word64;	/* Exactly 8 bytes */
137

138
#else /* SHA2_USE_INTTYPES_H */
139

140
typedef u_int8_t  sha2_byte;	/* Exactly 1 byte */
141
typedef u_int32_t sha2_word32;	/* Exactly 4 bytes */
142
typedef u_int64_t sha2_word64;	/* Exactly 8 bytes */
143

144
#endif /* SHA2_USE_INTTYPES_H */
145

146
#endif /* _PACKAGE_ast */
147

148
/*** SHA-256/384/512 Various Length Definitions ***********************/
149

150
#define SHA256_BLOCK_LENGTH		64
151
#define SHA256_DIGEST_LENGTH		32
152
#define SHA384_BLOCK_LENGTH		128
153
#define SHA384_DIGEST_LENGTH		48
154
#define SHA512_BLOCK_LENGTH		128
155
#define SHA512_DIGEST_LENGTH		64
156

157
#define SHA256_SHORT_BLOCK_LENGTH	(SHA256_BLOCK_LENGTH - 8)
158
#define SHA384_SHORT_BLOCK_LENGTH	(SHA384_BLOCK_LENGTH - 16)
159
#define SHA512_SHORT_BLOCK_LENGTH	(SHA512_BLOCK_LENGTH - 16)
160

161
/*** ENDIAN REVERSAL MACROS *******************************************/
162
#if BYTE_ORDER == LITTLE_ENDIAN
163
#define REVERSE32(w,x)	{ \
164
	sha2_word32 tmp = (w); \
165
	tmp = (tmp >> 16) | (tmp << 16); \
166
	(x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
167
}
168
#if _ast_LL
169
#define REVERSE64(w,x)	{ \
170
	sha2_word64 tmp = (w); \
171
	tmp = (tmp >> 32) | (tmp << 32); \
172
	tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
173
	      ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
174
	(x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
175
	      ((tmp & 0x0000ffff0000ffffULL) << 16); \
176
}
177
#else
178
#define REVERSE64(w,x)	{ \
179
	sha2_word64 tmp = (w); \
180
	tmp = (tmp >> 32) | (tmp << 32); \
181
	tmp = ((tmp & ((sha2_word64)0xff00ff00ff00ff00)) >> 8) | \
182
	      ((tmp & ((sha2_word64)0x00ff00ff00ff00ff)) << 8); \
183
	(x) = ((tmp & ((sha2_word64)0xffff0000ffff0000)) >> 16) | \
184
	      ((tmp & ((sha2_word64)0x0000ffff0000ffff)) << 16); \
185
}
186
#endif
187
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
188

189
/*
190
 * Macro for incrementally adding the unsigned 64-bit integer n to the
191
 * unsigned 128-bit integer (represented using a two-element array of
192
 * 64-bit words):
193
 */
194

195
#define ADDINC128(w,n)	{ \
196
	(w)[1] += (sha2_word64)(n); \
197
	if ((w)[1] < (n)) { \
198
		(w)[0]++; \
199
	} \
200
}
201

202
/*
203
 * Macros for copying blocks of memory and for zeroing out ranges
204
 * of memory.  Using these macros makes it easy to switch from
205
 * using memset()/memcpy() and using bzero()/bcopy().
206
 *
207
 * Please define either SHA2_USE_MEMSET_MEMCPY or define
208
 * SHA2_USE_BZERO_BCOPY depending on which function set you
209
 * choose to use:
210
 */
211

212
#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
213
/* Default to memset()/memcpy() if no option is specified */
214
#define	SHA2_USE_MEMSET_MEMCPY	1
215
#endif
216
#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
217
/* Abort with an error if BOTH options are defined */
218
#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
219
#endif
220

221
#ifdef SHA2_USE_MEMSET_MEMCPY
222
#define MEMSET_BZERO(p,l)	memset((p), 0, (l))
223
#define MEMCPY_BCOPY(d,s,l)	memcpy((d), (s), (l))
224
#endif
225
#ifdef SHA2_USE_BZERO_BCOPY
226
#define MEMSET_BZERO(p,l)	bzero((p), (l))
227
#define MEMCPY_BCOPY(d,s,l)	bcopy((s), (d), (l))
228
#endif
229

230

231
/*** THE SIX LOGICAL FUNCTIONS ****************************************/
232
/*
233
 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
234
 *
235
 *   NOTE:  The naming of R and S appears backwards here (R is a SHIFT and
236
 *   S is a ROTATION) because the SHA-256/384/512 description document
237
 *   (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
238
 *   same "backwards" definition.
239
 */
240

241
/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
242
#define R(b,x) 		((x) >> (b))
243
/* 32-bit Rotate-right (used in SHA-256): */
244
#define S32(b,x)	(((x) >> (b)) | ((x) << (32 - (b))))
245
/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
246
#define S64(b,x)	(((x) >> (b)) | ((x) << (64 - (b))))
247

248
/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
249
#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
250
#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
251

252
/* Four of six logical functions used in SHA-256: */
253
#define Sigma0_256(x)	(S32(2,  (x)) ^ S32(13, (x)) ^ S32(22, (x)))
254
#define Sigma1_256(x)	(S32(6,  (x)) ^ S32(11, (x)) ^ S32(25, (x)))
255
#define sigma0_256(x)	(S32(7,  (x)) ^ S32(18, (x)) ^ R(3 ,   (x)))
256
#define sigma1_256(x)	(S32(17, (x)) ^ S32(19, (x)) ^ R(10,   (x)))
257

258
/* Four of six logical functions used in SHA-384 and SHA-512: */
259
#define Sigma0_512(x)	(S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
260
#define Sigma1_512(x)	(S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
261
#define sigma0_512(x)	(S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7,   (x)))
262
#define sigma1_512(x)	(S64(19, (x)) ^ S64(61, (x)) ^ R( 6,   (x)))
263

264
/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
265
/* Hash constant words K for SHA-256: */
266
static const sha2_word32 K256[64] = {
267
	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
268
	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
269
	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
270
	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
271
	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
272
	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
273
	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
274
	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
275
	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
276
	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
277
	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
278
	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
279
	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
280
	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
281
	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
282
	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
283
};
284

285
/* Initial hash value H for SHA-256: */
286
static const sha2_word32 sha256_initial_hash_value[8] = {
287
	0x6a09e667UL,
288
	0xbb67ae85UL,
289
	0x3c6ef372UL,
290
	0xa54ff53aUL,
291
	0x510e527fUL,
292
	0x9b05688cUL,
293
	0x1f83d9abUL,
294
	0x5be0cd19UL
295
};
296

297
/* Hash constant words K for SHA-384 and SHA-512: */
298
static const sha2_word64 K512[80] = {
299
#if _ast_LL
300
	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
301
	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
302
	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
303
	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
304
	0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
305
	0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
306
	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
307
	0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
308
	0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
309
	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
310
	0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
311
	0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
312
	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
313
	0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
314
	0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
315
	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
316
	0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
317
	0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
318
	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
319
	0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
320
	0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
321
	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
322
	0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
323
	0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
324
	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
325
	0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
326
	0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
327
	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
328
	0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
329
	0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
330
	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
331
	0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
332
	0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
333
	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
334
	0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
335
	0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
336
	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
337
	0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
338
	0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
339
	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
340
#else
341
	((sha2_word64)0x428a2f98d728ae22), ((sha2_word64)0x7137449123ef65cd),
342
	((sha2_word64)0xb5c0fbcfec4d3b2f), ((sha2_word64)0xe9b5dba58189dbbc),
343
	((sha2_word64)0x3956c25bf348b538), ((sha2_word64)0x59f111f1b605d019),
344
	((sha2_word64)0x923f82a4af194f9b), ((sha2_word64)0xab1c5ed5da6d8118),
345
	((sha2_word64)0xd807aa98a3030242), ((sha2_word64)0x12835b0145706fbe),
346
	((sha2_word64)0x243185be4ee4b28c), ((sha2_word64)0x550c7dc3d5ffb4e2),
347
	((sha2_word64)0x72be5d74f27b896f), ((sha2_word64)0x80deb1fe3b1696b1),
348
	((sha2_word64)0x9bdc06a725c71235), ((sha2_word64)0xc19bf174cf692694),
349
	((sha2_word64)0xe49b69c19ef14ad2), ((sha2_word64)0xefbe4786384f25e3),
350
	((sha2_word64)0x0fc19dc68b8cd5b5), ((sha2_word64)0x240ca1cc77ac9c65),
351
	((sha2_word64)0x2de92c6f592b0275), ((sha2_word64)0x4a7484aa6ea6e483),
352
	((sha2_word64)0x5cb0a9dcbd41fbd4), ((sha2_word64)0x76f988da831153b5),
353
	((sha2_word64)0x983e5152ee66dfab), ((sha2_word64)0xa831c66d2db43210),
354
	((sha2_word64)0xb00327c898fb213f), ((sha2_word64)0xbf597fc7beef0ee4),
355
	((sha2_word64)0xc6e00bf33da88fc2), ((sha2_word64)0xd5a79147930aa725),
356
	((sha2_word64)0x06ca6351e003826f), ((sha2_word64)0x142929670a0e6e70),
357
	((sha2_word64)0x27b70a8546d22ffc), ((sha2_word64)0x2e1b21385c26c926),
358
	((sha2_word64)0x4d2c6dfc5ac42aed), ((sha2_word64)0x53380d139d95b3df),
359
	((sha2_word64)0x650a73548baf63de), ((sha2_word64)0x766a0abb3c77b2a8),
360
	((sha2_word64)0x81c2c92e47edaee6), ((sha2_word64)0x92722c851482353b),
361
	((sha2_word64)0xa2bfe8a14cf10364), ((sha2_word64)0xa81a664bbc423001),
362
	((sha2_word64)0xc24b8b70d0f89791), ((sha2_word64)0xc76c51a30654be30),
363
	((sha2_word64)0xd192e819d6ef5218), ((sha2_word64)0xd69906245565a910),
364
	((sha2_word64)0xf40e35855771202a), ((sha2_word64)0x106aa07032bbd1b8),
365
	((sha2_word64)0x19a4c116b8d2d0c8), ((sha2_word64)0x1e376c085141ab53),
366
	((sha2_word64)0x2748774cdf8eeb99), ((sha2_word64)0x34b0bcb5e19b48a8),
367
	((sha2_word64)0x391c0cb3c5c95a63), ((sha2_word64)0x4ed8aa4ae3418acb),
368
	((sha2_word64)0x5b9cca4f7763e373), ((sha2_word64)0x682e6ff3d6b2b8a3),
369
	((sha2_word64)0x748f82ee5defb2fc), ((sha2_word64)0x78a5636f43172f60),
370
	((sha2_word64)0x84c87814a1f0ab72), ((sha2_word64)0x8cc702081a6439ec),
371
	((sha2_word64)0x90befffa23631e28), ((sha2_word64)0xa4506cebde82bde9),
372
	((sha2_word64)0xbef9a3f7b2c67915), ((sha2_word64)0xc67178f2e372532b),
373
	((sha2_word64)0xca273eceea26619c), ((sha2_word64)0xd186b8c721c0c207),
374
	((sha2_word64)0xeada7dd6cde0eb1e), ((sha2_word64)0xf57d4f7fee6ed178),
375
	((sha2_word64)0x06f067aa72176fba), ((sha2_word64)0x0a637dc5a2c898a6),
376
	((sha2_word64)0x113f9804bef90dae), ((sha2_word64)0x1b710b35131c471b),
377
	((sha2_word64)0x28db77f523047d84), ((sha2_word64)0x32caab7b40c72493),
378
	((sha2_word64)0x3c9ebe0a15c9bebc), ((sha2_word64)0x431d67c49c100d4c),
379
	((sha2_word64)0x4cc5d4becb3e42b6), ((sha2_word64)0x597f299cfc657e2a),
380
	((sha2_word64)0x5fcb6fab3ad6faec), ((sha2_word64)0x6c44198c4a475817)
381
#endif
382
};
383

384
/* Initial hash value H for SHA-384 */
385
static const sha2_word64 sha384_initial_hash_value[8] = {
386
#if _ast_LL
387
	0xcbbb9d5dc1059ed8ULL,
388
	0x629a292a367cd507ULL,
389
	0x9159015a3070dd17ULL,
390
	0x152fecd8f70e5939ULL,
391
	0x67332667ffc00b31ULL,
392
	0x8eb44a8768581511ULL,
393
	0xdb0c2e0d64f98fa7ULL,
394
	0x47b5481dbefa4fa4ULL
395
#else
396
	((sha2_word64)0xcbbb9d5dc1059ed8),
397
	((sha2_word64)0x629a292a367cd507),
398
	((sha2_word64)0x9159015a3070dd17),
399
	((sha2_word64)0x152fecd8f70e5939),
400
	((sha2_word64)0x67332667ffc00b31),
401
	((sha2_word64)0x8eb44a8768581511),
402
	((sha2_word64)0xdb0c2e0d64f98fa7),
403
	((sha2_word64)0x47b5481dbefa4fa4)
404
#endif
405
};
406

407
/* Initial hash value H for SHA-512 */
408
static const sha2_word64 sha512_initial_hash_value[8] = {
409
#if _ast_LL
410
	0x6a09e667f3bcc908ULL,
411
	0xbb67ae8584caa73bULL,
412
	0x3c6ef372fe94f82bULL,
413
	0xa54ff53a5f1d36f1ULL,
414
	0x510e527fade682d1ULL,
415
	0x9b05688c2b3e6c1fULL,
416
	0x1f83d9abfb41bd6bULL,
417
	0x5be0cd19137e2179ULL
418
#else
419
	((sha2_word64)0x6a09e667f3bcc908),
420
	((sha2_word64)0xbb67ae8584caa73b),
421
	((sha2_word64)0x3c6ef372fe94f82b),
422
	((sha2_word64)0xa54ff53a5f1d36f1),
423
	((sha2_word64)0x510e527fade682d1),
424
	((sha2_word64)0x9b05688c2b3e6c1f),
425
	((sha2_word64)0x1f83d9abfb41bd6b),
426
	((sha2_word64)0x5be0cd19137e2179)
427
#endif
428
};
429

430
/*** SHA-256: *********************************************************/
431

432
#define sha256_description "FIPS SHA-256 secure hash algorithm."
433
#define sha256_options	"\
434
[+(version)?sha-256 (FIPS) 2000-01-01]\
435
[+(author)?Aaron D. Gifford]\
436
"
437
#define sha256_match	"sha256|sha-256|SHA256|SHA-256"
438
#define sha256_scale	0
439

440
#define sha256_padding	md5_pad
441

442
#define SHA256_CTX	Sha256_t
443

444
typedef struct Sha256_s
445
{
446
	_SUM_PUBLIC_
447
	_SUM_PRIVATE_
448
	sha2_byte	digest[SHA256_DIGEST_LENGTH];
449
	sha2_byte	digest_sum[SHA256_DIGEST_LENGTH];
450
	sha2_word32	state[8];
451
	sha2_word64	bitcount;
452
	sha2_byte	buffer[SHA256_BLOCK_LENGTH];
453
} Sha256_t;
454

455
#ifdef SHA2_UNROLL_TRANSFORM
456

457
/* Unrolled SHA-256 round macros: */
458

459
#if BYTE_ORDER == LITTLE_ENDIAN
460

461
#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)	\
462
	REVERSE32(*data++, W256[j]); \
463
	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
464
             K256[j] + W256[j]; \
465
	(d) += T1; \
466
	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
467
	j++
468

469

470
#else /* BYTE_ORDER == LITTLE_ENDIAN */
471

472
#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h)	\
473
	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
474
	     K256[j] + (W256[j] = *data++); \
475
	(d) += T1; \
476
	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
477
	j++
478

479
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
480

481
#define ROUND256(a,b,c,d,e,f,g,h)	\
482
	s0 = W256[(j+1)&0x0f]; \
483
	s0 = sigma0_256(s0); \
484
	s1 = W256[(j+14)&0x0f]; \
485
	s1 = sigma1_256(s1); \
486
	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
487
	     (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
488
	(d) += T1; \
489
	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
490
	j++
491

492
static void SHA256_Transform(SHA256_CTX* sha, const sha2_word32* data) {
493
	sha2_word32	a, b, c, d, e, f, g, h, s0, s1;
494
	sha2_word32	T1, *W256;
495
	int		j;
496

497
	W256 = (sha2_word32*)sha->buffer;
498

499
	/* Initialize registers with the prev. intermediate value */
500
	a = sha->state[0];
501
	b = sha->state[1];
502
	c = sha->state[2];
503
	d = sha->state[3];
504
	e = sha->state[4];
505
	f = sha->state[5];
506
	g = sha->state[6];
507
	h = sha->state[7];
508

509
	j = 0;
510
	do {
511
		/* Rounds 0 to 15 (unrolled): */
512
		ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
513
		ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
514
		ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
515
		ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
516
		ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
517
		ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
518
		ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
519
		ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
520
	} while (j < 16);
521

522
	/* Now for the remaining rounds to 64: */
523
	do {
524
		ROUND256(a,b,c,d,e,f,g,h);
525
		ROUND256(h,a,b,c,d,e,f,g);
526
		ROUND256(g,h,a,b,c,d,e,f);
527
		ROUND256(f,g,h,a,b,c,d,e);
528
		ROUND256(e,f,g,h,a,b,c,d);
529
		ROUND256(d,e,f,g,h,a,b,c);
530
		ROUND256(c,d,e,f,g,h,a,b);
531
		ROUND256(b,c,d,e,f,g,h,a);
532
	} while (j < 64);
533

534
	/* Compute the current intermediate hash value */
535
	sha->state[0] += a;
536
	sha->state[1] += b;
537
	sha->state[2] += c;
538
	sha->state[3] += d;
539
	sha->state[4] += e;
540
	sha->state[5] += f;
541
	sha->state[6] += g;
542
	sha->state[7] += h;
543

544
	/* Clean up */
545
	a = b = c = d = e = f = g = h = T1 = 0;
546
}
547

548
#else /* SHA2_UNROLL_TRANSFORM */
549

550
static void SHA256_Transform(SHA256_CTX* sha, const sha2_word32* data) {
551
	sha2_word32	a, b, c, d, e, f, g, h, s0, s1;
552
	sha2_word32	T1, T2, *W256;
553
	int		j;
554

555
	W256 = (sha2_word32*)sha->buffer;
556

557
	/* Initialize registers with the prev. intermediate value */
558
	a = sha->state[0];
559
	b = sha->state[1];
560
	c = sha->state[2];
561
	d = sha->state[3];
562
	e = sha->state[4];
563
	f = sha->state[5];
564
	g = sha->state[6];
565
	h = sha->state[7];
566

567
	j = 0;
568
	do {
569
#if BYTE_ORDER == LITTLE_ENDIAN
570
		/* Copy data while converting to host byte order */
571
		REVERSE32(*data++,W256[j]);
572
		/* Apply the SHA-256 compression function to update a..h */
573
		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
574
#else /* BYTE_ORDER == LITTLE_ENDIAN */
575
		/* Apply the SHA-256 compression function to update a..h with copy */
576
		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
577
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
578
		T2 = Sigma0_256(a) + Maj(a, b, c);
579
		h = g;
580
		g = f;
581
		f = e;
582
		e = d + T1;
583
		d = c;
584
		c = b;
585
		b = a;
586
		a = T1 + T2;
587

588
		j++;
589
	} while (j < 16);
590

591
	do {
592
		/* Part of the message block expansion: */
593
		s0 = W256[(j+1)&0x0f];
594
		s0 = sigma0_256(s0);
595
		s1 = W256[(j+14)&0x0f];	
596
		s1 = sigma1_256(s1);
597

598
		/* Apply the SHA-256 compression function to update a..h */
599
		T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 
600
		     (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
601
		T2 = Sigma0_256(a) + Maj(a, b, c);
602
		h = g;
603
		g = f;
604
		f = e;
605
		e = d + T1;
606
		d = c;
607
		c = b;
608
		b = a;
609
		a = T1 + T2;
610

611
		j++;
612
	} while (j < 64);
613

614
	/* Compute the current intermediate hash value */
615
	sha->state[0] += a;
616
	sha->state[1] += b;
617
	sha->state[2] += c;
618
	sha->state[3] += d;
619
	sha->state[4] += e;
620
	sha->state[5] += f;
621
	sha->state[6] += g;
622
	sha->state[7] += h;
623

624
	/* Clean up */
625
	a = b = c = d = e = f = g = h = T1 = T2 = 0;
626
}
627

628
#endif /* SHA2_UNROLL_TRANSFORM */
629

630
static int
631
sha256_block(register Sum_t* p, const void* s, size_t len)
632
{
633
	Sha256_t*	sha = (Sha256_t*)p;
634
	sha2_byte*	data = (sha2_byte*)s;
635
	unsigned int	freespace, usedspace;
636

637
	if (!len)
638
		return 0;
639
	usedspace = (sha->bitcount >> 3) % SHA256_BLOCK_LENGTH;
640
	if (usedspace > 0) {
641
		/* Calculate how much free space is available in the buffer */
642
		freespace = SHA256_BLOCK_LENGTH - usedspace;
643

644
		if (len >= freespace) {
645
			/* Fill the buffer completely and process it */
646
			MEMCPY_BCOPY(&sha->buffer[usedspace], data, freespace);
647
			sha->bitcount += freespace << 3;
648
			len -= freespace;
649
			data += freespace;
650
			SHA256_Transform(sha, (sha2_word32*)sha->buffer);
651
		} else {
652
			/* The buffer is not yet full */
653
			MEMCPY_BCOPY(&sha->buffer[usedspace], data, len);
654
			sha->bitcount += len << 3;
655
			/* Clean up: */
656
			usedspace = freespace = 0;
657
			return 0;
658
		}
659
	}
660
	while (len >= SHA256_BLOCK_LENGTH) {
661
		/* Process as many complete blocks as we can */
662
		SHA256_Transform(sha, (sha2_word32*)data);
663
		sha->bitcount += SHA256_BLOCK_LENGTH << 3;
664
		len -= SHA256_BLOCK_LENGTH;
665
		data += SHA256_BLOCK_LENGTH;
666
	}
667
	if (len > 0) {
668
		/* There's left-overs, so save 'em */
669
		MEMCPY_BCOPY(sha->buffer, data, len);
670
		sha->bitcount += len << 3;
671
	}
672
	/* Clean up: */
673
	usedspace = freespace = 0;
674

675
	return 0;
676
}
677

678
static int
679
sha256_init(Sum_t* p)
680
{
681
	register Sha256_t*	sha = (Sha256_t*)p;
682

683
	MEMCPY_BCOPY(sha->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
684
	MEMSET_BZERO(sha->buffer, SHA256_BLOCK_LENGTH);
685
	sha->bitcount = 0;
686

687
	return 0;
688
}
689

690
static Sum_t*
691
sha256_open(const Method_t* method, const char* name)
692
{
693
	Sha256_t*	sha;
694

695
	if (sha = newof(0, Sha256_t, 1, 0))
696
	{
697
		sha->method = (Method_t*)method;
698
		sha->name = name;
699
		sha256_init((Sum_t*)sha);
700
	}
701
	return (Sum_t*)sha;
702
}
703

704
static int
705
sha256_done(Sum_t* p)
706
{
707
	Sha256_t*	sha = (Sha256_t*)p;
708
	unsigned int	usedspace;
709
	register int	i;
710

711
	/* Sanity check: */
712
	assert(sha != (SHA256_CTX*)0);
713

714
	usedspace = (sha->bitcount >> 3) % SHA256_BLOCK_LENGTH;
715
#if BYTE_ORDER == LITTLE_ENDIAN
716
	/* Convert FROM host byte order */
717
	REVERSE64(sha->bitcount,sha->bitcount);
718
#endif
719
	if (usedspace > 0) {
720
		/* Begin padding with a 1 bit: */
721
		sha->buffer[usedspace++] = 0x80;
722

723
		if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
724
			/* Set-up for the last transform: */
725
			MEMSET_BZERO(&sha->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
726
		} else {
727
			if (usedspace < SHA256_BLOCK_LENGTH) {
728
				MEMSET_BZERO(&sha->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
729
			}
730
			/* Do second-to-last transform: */
731
			SHA256_Transform(sha, (sha2_word32*)sha->buffer);
732

733
			/* And set-up for the last transform: */
734
			MEMSET_BZERO(sha->buffer, SHA256_SHORT_BLOCK_LENGTH);
735
		}
736
	} else {
737
		/* Set-up for the last transform: */
738
		MEMSET_BZERO(sha->buffer, SHA256_SHORT_BLOCK_LENGTH);
739

740
		/* Begin padding with a 1 bit: */
741
		*sha->buffer = 0x80;
742
	}
743
	/* Store the length of input data (in bits): */
744
	MEMCPY_BCOPY(&sha->buffer[SHA256_SHORT_BLOCK_LENGTH], &sha->bitcount, 8);
745

746
	/* Final transform: */
747
	SHA256_Transform(sha, (sha2_word32*)sha->buffer);
748

749
#if BYTE_ORDER == LITTLE_ENDIAN
750
	{
751
		/* Convert TO host byte order */
752
		int		j;
753
		sha2_word32*	d = (sha2_word32*)sha->digest;
754
		for (j = 0; j < 8; j++) {
755
			REVERSE32(sha->state[j],sha->state[j]);
756
			*d++ = sha->state[j];
757
		}
758
	}
759
#else
760
	MEMCPY_BCOPY(sha->digest, sha->state, SHA256_DIGEST_LENGTH);
761
#endif
762

763
	/* accumulate the digests */
764
	for (i = 0; i < SHA256_DIGEST_LENGTH; i++)
765
		sha->digest_sum[i] ^= sha->digest[i];
766

767
	/* Clean up state data: */
768
	MEMSET_BZERO(&sha->state, sizeof(*sha) - offsetof(Sha256_t, state));
769
	usedspace = 0;
770

771
	return 0;
772
}
773

774
static int
775
sha256_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale)
776
{
777
	register Sha256_t*	sha = (Sha256_t*)p;
778
	register sha2_byte*	d;
779
	register sha2_byte*	e;
780

781
	d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest;
782
	e = d + SHA256_DIGEST_LENGTH;
783
	while (d < e)
784
		sfprintf(sp, "%02x", *d++);
785
	return 0;
786
}
787

788
static int
789
sha256_data(Sum_t* p, Sumdata_t* data)
790
{
791
	register Sha256_t*	sha = (Sha256_t*)p;
792

793
	data->size = SHA256_DIGEST_LENGTH;
794
	data->num = 0;
795
	data->buf = sha->digest;
796
	return 0;
797
}
798

799
/*** SHA-512: *********************************************************/
800

801
#define sha512_description "FIPS SHA-512 secure hash algorithm."
802
#define sha512_options	"\
803
[+(version)?sha-512 (FIPS) 2000-01-01]\
804
[+(author)?Aaron D. Gifford]\
805
"
806
#define sha512_match	"sha512|sha-512|SHA512|SHA-512"
807
#define sha512_scale	0
808

809
#define sha512_padding	md5_pad
810

811
#define SHA512_CTX	Sha512_t
812

813
typedef struct Sha512_s
814
{
815
	_SUM_PUBLIC_
816
	_SUM_PRIVATE_
817
	sha2_byte	digest[SHA512_DIGEST_LENGTH];
818
	sha2_byte	digest_sum[SHA512_DIGEST_LENGTH];
819
	sha2_word64	state[8];
820
	sha2_word64	bitcount[2];
821
	sha2_byte	buffer[SHA512_BLOCK_LENGTH];
822
} Sha512_t;
823

824
#ifdef SHA2_UNROLL_TRANSFORM
825

826
/* Unrolled SHA-512 round macros: */
827
#if BYTE_ORDER == LITTLE_ENDIAN
828

829
#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)	\
830
	REVERSE64(*data++, W512[j]); \
831
	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
832
             K512[j] + W512[j]; \
833
	(d) += T1, \
834
	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
835
	j++
836

837

838
#else /* BYTE_ORDER == LITTLE_ENDIAN */
839

840
#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h)	\
841
	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
842
             K512[j] + (W512[j] = *data++); \
843
	(d) += T1; \
844
	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
845
	j++
846

847
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
848

849
#define ROUND512(a,b,c,d,e,f,g,h)	\
850
	s0 = W512[(j+1)&0x0f]; \
851
	s0 = sigma0_512(s0); \
852
	s1 = W512[(j+14)&0x0f]; \
853
	s1 = sigma1_512(s1); \
854
	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
855
             (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
856
	(d) += T1; \
857
	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
858
	j++
859

860
static void SHA512_Transform(SHA512_CTX* sha, const sha2_word64* data) {
861
	sha2_word64	a, b, c, d, e, f, g, h, s0, s1;
862
	sha2_word64	T1, *W512 = (sha2_word64*)sha->buffer;
863
	int		j;
864

865
	/* Initialize registers with the prev. intermediate value */
866
	a = sha->state[0];
867
	b = sha->state[1];
868
	c = sha->state[2];
869
	d = sha->state[3];
870
	e = sha->state[4];
871
	f = sha->state[5];
872
	g = sha->state[6];
873
	h = sha->state[7];
874

875
	j = 0;
876
	do {
877
		ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
878
		ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
879
		ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
880
		ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
881
		ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
882
		ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
883
		ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
884
		ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
885
	} while (j < 16);
886

887
	/* Now for the remaining rounds up to 79: */
888
	do {
889
		ROUND512(a,b,c,d,e,f,g,h);
890
		ROUND512(h,a,b,c,d,e,f,g);
891
		ROUND512(g,h,a,b,c,d,e,f);
892
		ROUND512(f,g,h,a,b,c,d,e);
893
		ROUND512(e,f,g,h,a,b,c,d);
894
		ROUND512(d,e,f,g,h,a,b,c);
895
		ROUND512(c,d,e,f,g,h,a,b);
896
		ROUND512(b,c,d,e,f,g,h,a);
897
	} while (j < 80);
898

899
	/* Compute the current intermediate hash value */
900
	sha->state[0] += a;
901
	sha->state[1] += b;
902
	sha->state[2] += c;
903
	sha->state[3] += d;
904
	sha->state[4] += e;
905
	sha->state[5] += f;
906
	sha->state[6] += g;
907
	sha->state[7] += h;
908

909
	/* Clean up */
910
	a = b = c = d = e = f = g = h = T1 = 0;
911
}
912

913
#else /* SHA2_UNROLL_TRANSFORM */
914

915
static void SHA512_Transform(SHA512_CTX* sha, const sha2_word64* data) {
916
	sha2_word64	a, b, c, d, e, f, g, h, s0, s1;
917
	sha2_word64	T1, T2, *W512 = (sha2_word64*)sha->buffer;
918
	int		j;
919

920
	/* Initialize registers with the prev. intermediate value */
921
	a = sha->state[0];
922
	b = sha->state[1];
923
	c = sha->state[2];
924
	d = sha->state[3];
925
	e = sha->state[4];
926
	f = sha->state[5];
927
	g = sha->state[6];
928
	h = sha->state[7];
929

930
	j = 0;
931
	do {
932
#if BYTE_ORDER == LITTLE_ENDIAN
933
		/* Convert TO host byte order */
934
		REVERSE64(*data++, W512[j]);
935
		/* Apply the SHA-512 compression function to update a..h */
936
		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
937
#else /* BYTE_ORDER == LITTLE_ENDIAN */
938
		/* Apply the SHA-512 compression function to update a..h with copy */
939
		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
940
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
941
		T2 = Sigma0_512(a) + Maj(a, b, c);
942
		h = g;
943
		g = f;
944
		f = e;
945
		e = d + T1;
946
		d = c;
947
		c = b;
948
		b = a;
949
		a = T1 + T2;
950

951
		j++;
952
	} while (j < 16);
953

954
	do {
955
		/* Part of the message block expansion: */
956
		s0 = W512[(j+1)&0x0f];
957
		s0 = sigma0_512(s0);
958
		s1 = W512[(j+14)&0x0f];
959
		s1 =  sigma1_512(s1);
960

961
		/* Apply the SHA-512 compression function to update a..h */
962
		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
963
		     (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
964
		T2 = Sigma0_512(a) + Maj(a, b, c);
965
		h = g;
966
		g = f;
967
		f = e;
968
		e = d + T1;
969
		d = c;
970
		c = b;
971
		b = a;
972
		a = T1 + T2;
973

974
		j++;
975
	} while (j < 80);
976

977
	/* Compute the current intermediate hash value */
978
	sha->state[0] += a;
979
	sha->state[1] += b;
980
	sha->state[2] += c;
981
	sha->state[3] += d;
982
	sha->state[4] += e;
983
	sha->state[5] += f;
984
	sha->state[6] += g;
985
	sha->state[7] += h;
986

987
	/* Clean up */
988
	a = b = c = d = e = f = g = h = T1 = T2 = 0;
989
}
990

991
#endif /* SHA2_UNROLL_TRANSFORM */
992

993
static int
994
sha512_block(register Sum_t* p, const void* s, size_t len)
995
{
996
	Sha512_t*	sha = (Sha512_t*)p;
997
	sha2_byte*	data = (sha2_byte*)s;
998
	unsigned int	freespace, usedspace;
999

1000
	if (!len)
1001
		return 0;
1002
	usedspace = (sha->bitcount[1] >> 3) % SHA512_BLOCK_LENGTH;
1003
	if (usedspace > 0) {
1004
		/* Calculate how much free space is available in the buffer */
1005
		freespace = SHA512_BLOCK_LENGTH - usedspace;
1006

1007
		if (len >= freespace) {
1008
			/* Fill the buffer completely and process it */
1009
			MEMCPY_BCOPY(&sha->buffer[usedspace], data, freespace);
1010
			ADDINC128(sha->bitcount, freespace << 3);
1011
			len -= freespace;
1012
			data += freespace;
1013
			SHA512_Transform(sha, (sha2_word64*)sha->buffer);
1014
		} else {
1015
			/* The buffer is not yet full */
1016
			MEMCPY_BCOPY(&sha->buffer[usedspace], data, len);
1017
			ADDINC128(sha->bitcount, len << 3);
1018
			/* Clean up: */
1019
			usedspace = freespace = 0;
1020
			return 0;
1021
		}
1022
	}
1023
	while (len >= SHA512_BLOCK_LENGTH) {
1024
		/* Process as many complete blocks as we can */
1025
		SHA512_Transform(sha, (sha2_word64*)data);
1026
		ADDINC128(sha->bitcount, SHA512_BLOCK_LENGTH << 3);
1027
		len -= SHA512_BLOCK_LENGTH;
1028
		data += SHA512_BLOCK_LENGTH;
1029
	}
1030
	if (len > 0) {
1031
		/* There's left-overs, so save 'em */
1032
		MEMCPY_BCOPY(sha->buffer, data, len);
1033
		ADDINC128(sha->bitcount, len << 3);
1034
	}
1035
	/* Clean up: */
1036
	usedspace = freespace = 0;
1037

1038
	return 0;
1039
}
1040

1041
static int
1042
sha512_init(Sum_t* p)
1043
{
1044
	register Sha512_t*	sha = (Sha512_t*)p;
1045

1046
	MEMCPY_BCOPY(sha->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
1047
	MEMSET_BZERO(sha->buffer, SHA512_BLOCK_LENGTH);
1048
	sha->bitcount[0] = sha->bitcount[1] =  0;
1049

1050
	return 0;
1051
}
1052

1053
static Sum_t*
1054
sha512_open(const Method_t* method, const char* name)
1055
{
1056
	Sha512_t*	sha;
1057

1058
	if (sha = newof(0, Sha512_t, 1, 0))
1059
	{
1060
		sha->method = (Method_t*)method;
1061
		sha->name = name;
1062
		sha512_init((Sum_t*)sha);
1063
	}
1064
	return (Sum_t*)sha;
1065
}
1066

1067
static int
1068
sha512_done(Sum_t* p)
1069
{
1070
	Sha512_t*	sha = (Sha512_t*)p;
1071
	unsigned int	usedspace;
1072
	register int	i;
1073

1074
	usedspace = (sha->bitcount[1] >> 3) % SHA512_BLOCK_LENGTH;
1075
#if BYTE_ORDER == LITTLE_ENDIAN
1076
	/* Convert FROM host byte order */
1077
	REVERSE64(sha->bitcount[0],sha->bitcount[0]);
1078
	REVERSE64(sha->bitcount[1],sha->bitcount[1]);
1079
#endif
1080
	if (usedspace > 0) {
1081
		/* Begin padding with a 1 bit: */
1082
		sha->buffer[usedspace++] = 0x80;
1083

1084
		if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
1085
			/* Set-up for the last transform: */
1086
			MEMSET_BZERO(&sha->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
1087
		} else {
1088
			if (usedspace < SHA512_BLOCK_LENGTH) {
1089
				MEMSET_BZERO(&sha->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
1090
			}
1091
			/* Do second-to-last transform: */
1092
			SHA512_Transform(sha, (sha2_word64*)sha->buffer);
1093

1094
			/* And set-up for the last transform: */
1095
			MEMSET_BZERO(sha->buffer, SHA512_BLOCK_LENGTH - 2);
1096
		}
1097
	} else {
1098
		/* Prepare for final transform: */
1099
		MEMSET_BZERO(sha->buffer, SHA512_SHORT_BLOCK_LENGTH);
1100

1101
		/* Begin padding with a 1 bit: */
1102
		*sha->buffer = 0x80;
1103
	}
1104
	/* Store the length of input data (in bits): */
1105
	MEMCPY_BCOPY(&sha->buffer[SHA512_SHORT_BLOCK_LENGTH], &sha->bitcount[0], 16);
1106

1107
	/* Final transform: */
1108
	SHA512_Transform(sha, (sha2_word64*)sha->buffer);
1109

1110
#if BYTE_ORDER == LITTLE_ENDIAN
1111
	{
1112
		/* Convert TO host byte order */
1113
		sha2_word64*	d = (sha2_word64*)sha->digest;
1114
		int		j;
1115
		for (j = 0; j < 8; j++) {
1116
			REVERSE64(sha->state[j],sha->state[j]);
1117
			*d++ = sha->state[j];
1118
		}
1119
	}
1120
#else
1121
	MEMCPY_BCOPY(sha->digest, sha->state, SHA512_DIGEST_LENGTH);
1122
#endif
1123

1124
	/* accumulate the digests */
1125
	for (i = 0; i < SHA512_DIGEST_LENGTH; i++)
1126
		sha->digest_sum[i] ^= sha->digest[i];
1127

1128
	/* Clean up state data: */
1129
	MEMSET_BZERO(&sha->state, sizeof(*sha) - offsetof(Sha512_t, state));
1130
	usedspace = 0;
1131

1132
	return 0;
1133
}
1134

1135
static int
1136
sha512_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale)
1137
{
1138
	register Sha512_t*	sha = (Sha512_t*)p;
1139
	register sha2_byte*	d;
1140
	register sha2_byte*	e;
1141

1142
	d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest;
1143
	e = d + SHA512_DIGEST_LENGTH;
1144
	while (d < e)
1145
		sfprintf(sp, "%02x", *d++);
1146
	return 0;
1147
}
1148

1149
static int
1150
sha512_data(Sum_t* p, Sumdata_t* data)
1151
{
1152
	register Sha512_t*	sha = (Sha512_t*)p;
1153

1154
	data->size = SHA512_DIGEST_LENGTH;
1155
	data->num = 0;
1156
	data->buf = sha->digest;
1157
	return 0;
1158
}
1159

1160
/*** SHA-384: *********************************************************/
1161

1162
#define sha384_description "FIPS SHA-384 secure hash algorithm."
1163
#define sha384_options	"\
1164
[+(version)?sha-384 (FIPS) 2000-01-01]\
1165
[+(author)?Aaron D. Gifford]\
1166
"
1167
#define sha384_match	"sha384|sha-384|SHA384|SHA-384"
1168
#define sha384_scale	0
1169
#define sha384_block	sha512_block
1170
#define sha384_done	sha512_done
1171

1172
#define sha384_padding	md5_pad
1173

1174
#define Sha384_t		Sha512_t
1175
#define SHA384_CTX		Sha384_t
1176
#define SHA384_DIGEST_LENGTH	48
1177

1178
static int
1179
sha384_init(Sum_t* p)
1180
{
1181
	register Sha384_t*	sha = (Sha384_t*)p;
1182

1183
	MEMCPY_BCOPY(sha->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
1184
	MEMSET_BZERO(sha->buffer, SHA384_BLOCK_LENGTH);
1185
	sha->bitcount[0] = sha->bitcount[1] = 0;
1186

1187
	return 0;
1188
}
1189

1190
static Sum_t*
1191
sha384_open(const Method_t* method, const char* name)
1192
{
1193
	Sha384_t*	sha;
1194

1195
	if (sha = newof(0, Sha384_t, 1, 0))
1196
	{
1197
		sha->method = (Method_t*)method;
1198
		sha->name = name;
1199
		sha384_init((Sum_t*)sha);
1200
	}
1201
	return (Sum_t*)sha;
1202
}
1203

1204
static int
1205
sha384_print(Sum_t* p, Sfio_t* sp, register int flags, size_t scale)
1206
{
1207
	register Sha384_t*	sha = (Sha384_t*)p;
1208
	register sha2_byte*	d;
1209
	register sha2_byte*	e;
1210

1211
	d = (flags & SUM_TOTAL) ? sha->digest_sum : sha->digest;
1212
	e = d + SHA384_DIGEST_LENGTH;
1213
	while (d < e)
1214
		sfprintf(sp, "%02x", *d++);
1215
	return 0;
1216
}
1217

1218
static int
1219
sha384_data(Sum_t* p, Sumdata_t* data)
1220
{
1221
	register Sha384_t*	sha = (Sha384_t*)p;
1222

1223
	data->size = SHA384_DIGEST_LENGTH;
1224
	data->num = 0;
1225
	data->buf = sha->digest;
1226
	return 0;
1227
}
1228

1229
#endif /* _typ_int64_t */
1230

1231
Product

Resources

Company
