Ruby  2.1.10p492(2016-04-01revision54464)
sha2.c
Go to the documentation of this file.
1 /*
2  * FILE: sha2.c
3  * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
4  *
5  * Copyright (c) 2000-2001, Aaron D. Gifford
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  * notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the copyright holder nor the names of contributors
17  * may be used to endorse or promote products derived from this software
18  * without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  * $OrigId: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
33  * $RoughId: sha2.c,v 1.3 2002/02/26 22:03:36 knu Exp $
34  * $Id: sha2.c 52797 2015-11-30 12:08:16Z usa $
35  */
36 
37 #include "../defs.h"
38 #include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
39 #include <assert.h> /* assert() */
40 #include "sha2.h"
41 
42 /*
43  * ASSERT NOTE:
44  * Some sanity checking code is included using assert(). On my FreeBSD
45  * system, this additional code can be removed by compiling with NDEBUG
46  * defined. Check your own systems manpage on assert() to see how to
47  * compile WITHOUT the sanity checking code on your system.
48  *
49  * UNROLLED TRANSFORM LOOP NOTE:
50  * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
51  * loop version for the hash transform rounds (defined using macros
52  * later in this file). Either define on the command line, for example:
53  *
54  * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
55  *
56  * or define below:
57  *
58  * #define SHA2_UNROLL_TRANSFORM
59  *
60  */
61 
62 
63 /*** SHA-256/384/512 Machine Architecture Definitions *****************/
64 /*
65  * BYTE_ORDER NOTE:
66  *
67  * Please make sure that your system defines BYTE_ORDER. If your
68  * architecture is little-endian, make sure it also defines
69  * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
70  * equivilent.
71  *
72  * If your system does not define the above, then you can do so by
73  * hand like this:
74  *
75  * #define LITTLE_ENDIAN 1234
76  * #define BIG_ENDIAN 4321
77  *
78  * And for little-endian machines, add:
79  *
80  * #define BYTE_ORDER LITTLE_ENDIAN
81  *
82  * Or for big-endian machines:
83  *
84  * #define BYTE_ORDER BIG_ENDIAN
85  *
86  * The FreeBSD machine this was written on defines BYTE_ORDER
87  * appropriately by including <sys/types.h> (which in turn includes
88  * <machine/endian.h> where the appropriate definitions are actually
89  * made).
90  */
91 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
92 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
93 #endif
94 
95 /*
96  * Define the followingsha2_* types to types of the correct length on
97  * the native archtecture. Most BSD systems and Linux define u_intXX_t
98  * types. Machines with very recent ANSI C headers, can use the
99  * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
100  * during compile or in the sha.h header file.
101  *
102  * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
103  * will need to define these three typedefs below (and the appropriate
104  * ones in sha.h too) by hand according to their system architecture.
105  *
106  * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
107  * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
108  */
109 #ifdef SHA2_USE_INTTYPES_H
110 
111 typedef uint8_t sha2_byte; /* Exactly 1 byte */
112 typedef uint32_t sha2_word32; /* Exactly 4 bytes */
113 typedef uint64_t sha2_word64; /* Exactly 8 bytes */
114 
115 #else /* SHA2_USE_INTTYPES_H */
116 
117 typedef u_int8_t sha2_byte; /* Exactly 1 byte */
118 typedef u_int32_t sha2_word32; /* Exactly 4 bytes */
119 typedef u_int64_t sha2_word64; /* Exactly 8 bytes */
120 
121 #endif /* SHA2_USE_INTTYPES_H */
122 
123 
124 /*** SHA-256/384/512 Various Length Definitions ***********************/
125 /* NOTE: Most of these are in sha2.h */
126 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
127 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
128 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
129 
130 
131 #if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || defined(__GNUC__) || defined(_HPUX_SOURCE) || defined(__IBMC__)
132 #define ULL(number) number##ULL
133 #else
134 #define ULL(number) (uint64_t)(number)
135 #endif
136 /*** ENDIAN REVERSAL MACROS *******************************************/
137 #if BYTE_ORDER == LITTLE_ENDIAN
138 #define REVERSE32(w,x) { \
139  sha2_word32 tmp = (w); \
140  tmp = (tmp >> 16) | (tmp << 16); \
141  (x) = ((tmp & (sha2_word32)0xff00ff00UL) >> 8) | ((tmp & (sha2_word32)0x00ff00ffUL) << 8); \
142 }
143 #define REVERSE64(w,x) { \
144  sha2_word64 tmp = (w); \
145  tmp = (tmp >> 32) | (tmp << 32); \
146  tmp = ((tmp & ULL(0xff00ff00ff00ff00)) >> 8) | \
147  ((tmp & ULL(0x00ff00ff00ff00ff)) << 8); \
148  (x) = ((tmp & ULL(0xffff0000ffff0000)) >> 16) | \
149  ((tmp & ULL(0x0000ffff0000ffff)) << 16); \
150 }
151 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
152 
153 /*
154  * Macro for incrementally adding the unsigned 64-bit integer n to the
155  * unsigned 128-bit integer (represented using a two-element array of
156  * 64-bit words):
157  */
158 #define ADDINC128(w,n) { \
159  (w)[0] += (sha2_word64)(n); \
160  if ((w)[0] < (n)) { \
161  (w)[1]++; \
162  } \
163 }
164 
165 /*
166  * Macros for copying blocks of memory and for zeroing out ranges
167  * of memory. Using these macros makes it easy to switch from
168  * using memset()/memcpy() and using bzero()/bcopy().
169  *
170  * Please define either SHA2_USE_MEMSET_MEMCPY or define
171  * SHA2_USE_BZERO_BCOPY depending on which function set you
172  * choose to use:
173  */
174 #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
175 /* Default to memset()/memcpy() if no option is specified */
176 #define SHA2_USE_MEMSET_MEMCPY 1
177 #endif
178 #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
179 /* Abort with an error if BOTH options are defined */
180 #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
181 #endif
182 
183 #ifdef SHA2_USE_MEMSET_MEMCPY
184 #define MEMSET_BZERO(p,l) memset((p), 0, (l))
185 #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
186 #endif
187 #ifdef SHA2_USE_BZERO_BCOPY
188 #define MEMSET_BZERO(p,l) bzero((p), (l))
189 #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
190 #endif
191 
192 
193 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
194 /*
195  * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
196  *
197  * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
198  * S is a ROTATION) because the SHA-256/384/512 description document
199  * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
200  * same "backwards" definition.
201  */
202 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
203 #define R(b,x) ((x) >> (b))
204 /* 32-bit Rotate-right (used in SHA-256): */
205 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
206 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
207 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
208 
209 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
210 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
211 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
212 
213 /* Four of six logical functions used in SHA-256: */
214 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
215 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
216 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
217 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
218 
219 /* Four of six logical functions used in SHA-384 and SHA-512: */
220 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
221 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
222 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
223 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
224 
225 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
226 /* NOTE: These should not be accessed directly from outside this
227  * library -- they are intended for private internal visibility/use
228  * only.
229  */
230 void SHA512_Last(SHA512_CTX*);
233 
234 
235 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
236 /* Hash constant words K for SHA-256: */
237 static const sha2_word32 K256[64] = {
238  0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
239  0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
240  0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
241  0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
242  0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
243  0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
244  0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
245  0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
246  0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
247  0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
248  0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
249  0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
250  0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
251  0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
252  0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
253  0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
254 };
255 
256 /* Initial hash value H for SHA-256: */
258  0x6a09e667UL,
259  0xbb67ae85UL,
260  0x3c6ef372UL,
261  0xa54ff53aUL,
262  0x510e527fUL,
263  0x9b05688cUL,
264  0x1f83d9abUL,
265  0x5be0cd19UL
266 };
267 
268 /* Hash constant words K for SHA-384 and SHA-512: */
269 static const sha2_word64 K512[80] = {
270  ULL(0x428a2f98d728ae22), ULL(0x7137449123ef65cd),
271  ULL(0xb5c0fbcfec4d3b2f), ULL(0xe9b5dba58189dbbc),
272  ULL(0x3956c25bf348b538), ULL(0x59f111f1b605d019),
273  ULL(0x923f82a4af194f9b), ULL(0xab1c5ed5da6d8118),
274  ULL(0xd807aa98a3030242), ULL(0x12835b0145706fbe),
275  ULL(0x243185be4ee4b28c), ULL(0x550c7dc3d5ffb4e2),
276  ULL(0x72be5d74f27b896f), ULL(0x80deb1fe3b1696b1),
277  ULL(0x9bdc06a725c71235), ULL(0xc19bf174cf692694),
278  ULL(0xe49b69c19ef14ad2), ULL(0xefbe4786384f25e3),
279  ULL(0x0fc19dc68b8cd5b5), ULL(0x240ca1cc77ac9c65),
280  ULL(0x2de92c6f592b0275), ULL(0x4a7484aa6ea6e483),
281  ULL(0x5cb0a9dcbd41fbd4), ULL(0x76f988da831153b5),
282  ULL(0x983e5152ee66dfab), ULL(0xa831c66d2db43210),
283  ULL(0xb00327c898fb213f), ULL(0xbf597fc7beef0ee4),
284  ULL(0xc6e00bf33da88fc2), ULL(0xd5a79147930aa725),
285  ULL(0x06ca6351e003826f), ULL(0x142929670a0e6e70),
286  ULL(0x27b70a8546d22ffc), ULL(0x2e1b21385c26c926),
287  ULL(0x4d2c6dfc5ac42aed), ULL(0x53380d139d95b3df),
288  ULL(0x650a73548baf63de), ULL(0x766a0abb3c77b2a8),
289  ULL(0x81c2c92e47edaee6), ULL(0x92722c851482353b),
290  ULL(0xa2bfe8a14cf10364), ULL(0xa81a664bbc423001),
291  ULL(0xc24b8b70d0f89791), ULL(0xc76c51a30654be30),
292  ULL(0xd192e819d6ef5218), ULL(0xd69906245565a910),
293  ULL(0xf40e35855771202a), ULL(0x106aa07032bbd1b8),
294  ULL(0x19a4c116b8d2d0c8), ULL(0x1e376c085141ab53),
295  ULL(0x2748774cdf8eeb99), ULL(0x34b0bcb5e19b48a8),
296  ULL(0x391c0cb3c5c95a63), ULL(0x4ed8aa4ae3418acb),
297  ULL(0x5b9cca4f7763e373), ULL(0x682e6ff3d6b2b8a3),
298  ULL(0x748f82ee5defb2fc), ULL(0x78a5636f43172f60),
299  ULL(0x84c87814a1f0ab72), ULL(0x8cc702081a6439ec),
300  ULL(0x90befffa23631e28), ULL(0xa4506cebde82bde9),
301  ULL(0xbef9a3f7b2c67915), ULL(0xc67178f2e372532b),
302  ULL(0xca273eceea26619c), ULL(0xd186b8c721c0c207),
303  ULL(0xeada7dd6cde0eb1e), ULL(0xf57d4f7fee6ed178),
304  ULL(0x06f067aa72176fba), ULL(0x0a637dc5a2c898a6),
305  ULL(0x113f9804bef90dae), ULL(0x1b710b35131c471b),
306  ULL(0x28db77f523047d84), ULL(0x32caab7b40c72493),
307  ULL(0x3c9ebe0a15c9bebc), ULL(0x431d67c49c100d4c),
308  ULL(0x4cc5d4becb3e42b6), ULL(0x597f299cfc657e2a),
309  ULL(0x5fcb6fab3ad6faec), ULL(0x6c44198c4a475817)
310 };
311 
312 /* Initial hash value H for SHA-384 */
314  ULL(0xcbbb9d5dc1059ed8),
315  ULL(0x629a292a367cd507),
316  ULL(0x9159015a3070dd17),
317  ULL(0x152fecd8f70e5939),
318  ULL(0x67332667ffc00b31),
319  ULL(0x8eb44a8768581511),
320  ULL(0xdb0c2e0d64f98fa7),
321  ULL(0x47b5481dbefa4fa4)
322 };
323 
324 /* Initial hash value H for SHA-512 */
326  ULL(0x6a09e667f3bcc908),
327  ULL(0xbb67ae8584caa73b),
328  ULL(0x3c6ef372fe94f82b),
329  ULL(0xa54ff53a5f1d36f1),
330  ULL(0x510e527fade682d1),
331  ULL(0x9b05688c2b3e6c1f),
332  ULL(0x1f83d9abfb41bd6b),
333  ULL(0x5be0cd19137e2179)
334 };
335 
336 /*
337  * Constant used by SHA256/384/512_End() functions for converting the
338  * digest to a readable hexadecimal character string:
339  */
340 static const char *sha2_hex_digits = "0123456789abcdef";
341 
342 
343 /*** SHA-256: *********************************************************/
344 void SHA256_Init(SHA256_CTX* context) {
345  if (context == (SHA256_CTX*)0) {
346  return;
347  }
350  context->bitcount = 0;
351 }
352 
353 #ifdef SHA2_UNROLL_TRANSFORM
354 
355 /* Unrolled SHA-256 round macros: */
356 
357 #if BYTE_ORDER == LITTLE_ENDIAN
358 
359 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
360  REVERSE32(*data++, W256[j]); \
361  T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
362  K256[j] + W256[j]; \
363  (d) += T1; \
364  (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
365  j++
366 
367 
368 #else /* BYTE_ORDER == LITTLE_ENDIAN */
369 
370 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
371  T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
372  K256[j] + (W256[j] = *data++); \
373  (d) += T1; \
374  (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
375  j++
376 
377 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
378 
379 #define ROUND256(a,b,c,d,e,f,g,h) \
380  s0 = W256[(j+1)&0x0f]; \
381  s0 = sigma0_256(s0); \
382  s1 = W256[(j+14)&0x0f]; \
383  s1 = sigma1_256(s1); \
384  T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
385  (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
386  (d) += T1; \
387  (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
388  j++
389 
390 void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
391  sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
392  sha2_word32 T1, *W256;
393  int j;
394 
395  W256 = (sha2_word32*)context->buffer;
396 
397  /* Initialize registers with the prev. intermediate value */
398  a = context->state[0];
399  b = context->state[1];
400  c = context->state[2];
401  d = context->state[3];
402  e = context->state[4];
403  f = context->state[5];
404  g = context->state[6];
405  h = context->state[7];
406 
407  j = 0;
408  do {
409  /* Rounds 0 to 15 (unrolled): */
410  ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
411  ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
412  ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
413  ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
414  ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
415  ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
416  ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
417  ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
418  } while (j < 16);
419 
420  /* Now for the remaining rounds to 64: */
421  do {
422  ROUND256(a,b,c,d,e,f,g,h);
423  ROUND256(h,a,b,c,d,e,f,g);
424  ROUND256(g,h,a,b,c,d,e,f);
425  ROUND256(f,g,h,a,b,c,d,e);
426  ROUND256(e,f,g,h,a,b,c,d);
427  ROUND256(d,e,f,g,h,a,b,c);
428  ROUND256(c,d,e,f,g,h,a,b);
429  ROUND256(b,c,d,e,f,g,h,a);
430  } while (j < 64);
431 
432  /* Compute the current intermediate hash value */
433  context->state[0] += a;
434  context->state[1] += b;
435  context->state[2] += c;
436  context->state[3] += d;
437  context->state[4] += e;
438  context->state[5] += f;
439  context->state[6] += g;
440  context->state[7] += h;
441 
442  /* Clean up */
443  a = b = c = d = e = f = g = h = T1 = 0;
444 }
445 
446 #else /* SHA2_UNROLL_TRANSFORM */
447 
448 void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
449  sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
450  sha2_word32 T1, T2, *W256;
451  int j;
452 
453  W256 = (sha2_word32*)context->buffer;
454 
455  /* Initialize registers with the prev. intermediate value */
456  a = context->state[0];
457  b = context->state[1];
458  c = context->state[2];
459  d = context->state[3];
460  e = context->state[4];
461  f = context->state[5];
462  g = context->state[6];
463  h = context->state[7];
464 
465  j = 0;
466  do {
468  /* Copy data while converting to host byte order */
469  REVERSE32(*data++,W256[j]);
470  /* Apply the SHA-256 compression function to update a..h */
471  T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
472 #else /* BYTE_ORDER == LITTLE_ENDIAN */
473  /* Apply the SHA-256 compression function to update a..h with copy */
474  T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
475 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
476  T2 = Sigma0_256(a) + Maj(a, b, c);
477  h = g;
478  g = f;
479  f = e;
480  e = d + T1;
481  d = c;
482  c = b;
483  b = a;
484  a = T1 + T2;
485 
486  j++;
487  } while (j < 16);
488 
489  do {
490  /* Part of the message block expansion: */
491  s0 = W256[(j+1)&0x0f];
492  s0 = sigma0_256(s0);
493  s1 = W256[(j+14)&0x0f];
494  s1 = sigma1_256(s1);
495 
496  /* Apply the SHA-256 compression function to update a..h */
497  T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
498  (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
499  T2 = Sigma0_256(a) + Maj(a, b, c);
500  h = g;
501  g = f;
502  f = e;
503  e = d + T1;
504  d = c;
505  c = b;
506  b = a;
507  a = T1 + T2;
508 
509  j++;
510  } while (j < 64);
511 
512  /* Compute the current intermediate hash value */
513  context->state[0] += a;
514  context->state[1] += b;
515  context->state[2] += c;
516  context->state[3] += d;
517  context->state[4] += e;
518  context->state[5] += f;
519  context->state[6] += g;
520  context->state[7] += h;
521 
522  /* Clean up */
523  a = b = c = d = e = f = g = h = T1 = T2 = 0;
524 }
525 
526 #endif /* SHA2_UNROLL_TRANSFORM */
527 
528 void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
529  unsigned int freespace, usedspace;
530 
531  if (len == 0) {
532  /* Calling with no data is valid - we do nothing */
533  return;
534  }
535 
536  /* Sanity check: */
537  assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0);
538 
539  usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
540  if (usedspace > 0) {
541  /* Calculate how much free space is available in the buffer */
542  freespace = SHA256_BLOCK_LENGTH - usedspace;
543 
544  if (len >= freespace) {
545  /* Fill the buffer completely and process it */
546  MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
547  context->bitcount += freespace << 3;
548  len -= freespace;
549  data += freespace;
550  SHA256_Transform(context, (sha2_word32*)context->buffer);
551  } else {
552  /* The buffer is not yet full */
553  MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
554  context->bitcount += len << 3;
555  /* Clean up: */
556  usedspace = freespace = 0;
557  return;
558  }
559  }
560  while (len >= SHA256_BLOCK_LENGTH) {
561  /* Process as many complete blocks as we can */
562  MEMCPY_BCOPY(context->buffer, data, SHA256_BLOCK_LENGTH);
563  SHA256_Transform(context, (sha2_word32*)context->buffer);
564  context->bitcount += SHA256_BLOCK_LENGTH << 3;
565  len -= SHA256_BLOCK_LENGTH;
566  data += SHA256_BLOCK_LENGTH;
567  }
568  if (len > 0) {
569  /* There's left-overs, so save 'em */
570  MEMCPY_BCOPY(context->buffer, data, len);
571  context->bitcount += len << 3;
572  }
573  /* Clean up: */
574  usedspace = freespace = 0;
575 }
576 
577 void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
578  sha2_word32 *d = (sha2_word32*)digest;
579  unsigned int usedspace;
580 
581  /* Sanity check: */
582  assert(context != (SHA256_CTX*)0);
583 
584  /* If no digest buffer is passed, we don't bother doing this: */
585  if (digest != (sha2_byte*)0) {
586  usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
587 #if BYTE_ORDER == LITTLE_ENDIAN
588  /* Convert FROM host byte order */
589  REVERSE64(context->bitcount,context->bitcount);
590 #endif
591  if (usedspace > 0) {
592  /* Begin padding with a 1 bit: */
593  context->buffer[usedspace++] = 0x80;
594 
595  if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
596  /* Set-up for the last transform: */
597  MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
598  } else {
599  if (usedspace < SHA256_BLOCK_LENGTH) {
600  MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
601  }
602  /* Do second-to-last transform: */
603  SHA256_Transform(context, (sha2_word32*)context->buffer);
604 
605  /* And set-up for the last transform: */
607  }
608  } else {
609  /* Set-up for the last transform: */
611 
612  /* Begin padding with a 1 bit: */
613  *context->buffer = 0x80;
614  }
615  /* Set the bit count: */
617  sizeof(sha2_word64));
618 
619  /* Final transform: */
620  SHA256_Transform(context, (sha2_word32*)context->buffer);
621 
622 #if BYTE_ORDER == LITTLE_ENDIAN
623  {
624  /* Convert TO host byte order */
625  int j;
626  for (j = 0; j < 8; j++) {
627  REVERSE32(context->state[j],context->state[j]);
628  *d++ = context->state[j];
629  }
630  }
631 #else
633 #endif
634  }
635 
636  /* Clean up state data: */
637  MEMSET_BZERO(context, sizeof(*context));
638  usedspace = 0;
639 }
640 
641 char *SHA256_End(SHA256_CTX* context, char buffer[]) {
642  sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest;
643  int i;
644 
645  /* Sanity check: */
646  assert(context != (SHA256_CTX*)0);
647 
648  if (buffer != (char*)0) {
649  SHA256_Final(digest, context);
650  for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
651  *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
652  *buffer++ = sha2_hex_digits[*d & 0x0f];
653  d++;
654  }
655  *buffer = (char)0;
656  } else {
657  MEMSET_BZERO(context, sizeof(*context));
658  }
660  return buffer;
661 }
662 
663 char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
664  SHA256_CTX context;
665 
666  SHA256_Init(&context);
667  SHA256_Update(&context, data, len);
668  return SHA256_End(&context, digest);
669 }
670 
671 
672 /*** SHA-512: *********************************************************/
673 void SHA512_Init(SHA512_CTX* context) {
674  if (context == (SHA512_CTX*)0) {
675  return;
676  }
679  context->bitcount[0] = context->bitcount[1] = 0;
680 }
681 
682 #ifdef SHA2_UNROLL_TRANSFORM
683 
684 /* Unrolled SHA-512 round macros: */
685 #if BYTE_ORDER == LITTLE_ENDIAN
686 
687 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
688  REVERSE64(*data++, W512[j]); \
689  T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
690  K512[j] + W512[j]; \
691  (d) += T1, \
692  (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
693  j++
694 
695 
696 #else /* BYTE_ORDER == LITTLE_ENDIAN */
697 
698 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
699  T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
700  K512[j] + (W512[j] = *data++); \
701  (d) += T1; \
702  (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
703  j++
704 
705 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
706 
707 #define ROUND512(a,b,c,d,e,f,g,h) \
708  s0 = W512[(j+1)&0x0f]; \
709  s0 = sigma0_512(s0); \
710  s1 = W512[(j+14)&0x0f]; \
711  s1 = sigma1_512(s1); \
712  T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
713  (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
714  (d) += T1; \
715  (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
716  j++
717 
718 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
719  sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
720  sha2_word64 T1, *W512 = (sha2_word64*)context->buffer;
721  int j;
722 
723  /* Initialize registers with the prev. intermediate value */
724  a = context->state[0];
725  b = context->state[1];
726  c = context->state[2];
727  d = context->state[3];
728  e = context->state[4];
729  f = context->state[5];
730  g = context->state[6];
731  h = context->state[7];
732 
733  j = 0;
734  do {
735  ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
736  ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
737  ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
738  ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
739  ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
740  ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
741  ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
742  ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
743  } while (j < 16);
744 
745  /* Now for the remaining rounds up to 79: */
746  do {
747  ROUND512(a,b,c,d,e,f,g,h);
748  ROUND512(h,a,b,c,d,e,f,g);
749  ROUND512(g,h,a,b,c,d,e,f);
750  ROUND512(f,g,h,a,b,c,d,e);
751  ROUND512(e,f,g,h,a,b,c,d);
752  ROUND512(d,e,f,g,h,a,b,c);
753  ROUND512(c,d,e,f,g,h,a,b);
754  ROUND512(b,c,d,e,f,g,h,a);
755  } while (j < 80);
756 
757  /* Compute the current intermediate hash value */
758  context->state[0] += a;
759  context->state[1] += b;
760  context->state[2] += c;
761  context->state[3] += d;
762  context->state[4] += e;
763  context->state[5] += f;
764  context->state[6] += g;
765  context->state[7] += h;
766 
767  /* Clean up */
768  a = b = c = d = e = f = g = h = T1 = 0;
769 }
770 
771 #else /* SHA2_UNROLL_TRANSFORM */
772 
773 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
774  sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
775  sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
776  int j;
777 
778  /* Initialize registers with the prev. intermediate value */
779  a = context->state[0];
780  b = context->state[1];
781  c = context->state[2];
782  d = context->state[3];
783  e = context->state[4];
784  f = context->state[5];
785  g = context->state[6];
786  h = context->state[7];
787 
788  j = 0;
789  do {
791  /* Convert TO host byte order */
792  REVERSE64(*data++, W512[j]);
793  /* Apply the SHA-512 compression function to update a..h */
794  T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
795 #else /* BYTE_ORDER == LITTLE_ENDIAN */
796  /* Apply the SHA-512 compression function to update a..h with copy */
797  T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
798 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
799  T2 = Sigma0_512(a) + Maj(a, b, c);
800  h = g;
801  g = f;
802  f = e;
803  e = d + T1;
804  d = c;
805  c = b;
806  b = a;
807  a = T1 + T2;
808 
809  j++;
810  } while (j < 16);
811 
812  do {
813  /* Part of the message block expansion: */
814  s0 = W512[(j+1)&0x0f];
815  s0 = sigma0_512(s0);
816  s1 = W512[(j+14)&0x0f];
817  s1 = sigma1_512(s1);
818 
819  /* Apply the SHA-512 compression function to update a..h */
820  T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
821  (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
822  T2 = Sigma0_512(a) + Maj(a, b, c);
823  h = g;
824  g = f;
825  f = e;
826  e = d + T1;
827  d = c;
828  c = b;
829  b = a;
830  a = T1 + T2;
831 
832  j++;
833  } while (j < 80);
834 
835  /* Compute the current intermediate hash value */
836  context->state[0] += a;
837  context->state[1] += b;
838  context->state[2] += c;
839  context->state[3] += d;
840  context->state[4] += e;
841  context->state[5] += f;
842  context->state[6] += g;
843  context->state[7] += h;
844 
845  /* Clean up */
846  a = b = c = d = e = f = g = h = T1 = T2 = 0;
847 }
848 
849 #endif /* SHA2_UNROLL_TRANSFORM */
850 
851 void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
852  unsigned int freespace, usedspace;
853 
854  if (len == 0) {
855  /* Calling with no data is valid - we do nothing */
856  return;
857  }
858 
859  /* Sanity check: */
860  assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
861 
862  usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
863  if (usedspace > 0) {
864  /* Calculate how much free space is available in the buffer */
865  freespace = SHA512_BLOCK_LENGTH - usedspace;
866 
867  if (len >= freespace) {
868  /* Fill the buffer completely and process it */
869  MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
870  ADDINC128(context->bitcount, freespace << 3);
871  len -= freespace;
872  data += freespace;
873  SHA512_Transform(context, (sha2_word64*)context->buffer);
874  } else {
875  /* The buffer is not yet full */
876  MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
877  ADDINC128(context->bitcount, len << 3);
878  /* Clean up: */
879  usedspace = freespace = 0;
880  return;
881  }
882  }
883  while (len >= SHA512_BLOCK_LENGTH) {
884  /* Process as many complete blocks as we can */
885  MEMCPY_BCOPY(context->buffer, data, SHA512_BLOCK_LENGTH);
886  SHA512_Transform(context, (sha2_word64*)context->buffer);
887  ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
888  len -= SHA512_BLOCK_LENGTH;
889  data += SHA512_BLOCK_LENGTH;
890  }
891  if (len > 0) {
892  /* There's left-overs, so save 'em */
893  MEMCPY_BCOPY(context->buffer, data, len);
894  ADDINC128(context->bitcount, len << 3);
895  }
896  /* Clean up: */
897  usedspace = freespace = 0;
898 }
899 
900 void SHA512_Last(SHA512_CTX* context) {
901  unsigned int usedspace;
902 
903  usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
904 #if BYTE_ORDER == LITTLE_ENDIAN
905  /* Convert FROM host byte order */
906  REVERSE64(context->bitcount[0],context->bitcount[0]);
907  REVERSE64(context->bitcount[1],context->bitcount[1]);
908 #endif
909  if (usedspace > 0) {
910  /* Begin padding with a 1 bit: */
911  context->buffer[usedspace++] = 0x80;
912 
913  if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
914  /* Set-up for the last transform: */
915  MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
916  } else {
917  if (usedspace < SHA512_BLOCK_LENGTH) {
918  MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
919  }
920  /* Do second-to-last transform: */
921  SHA512_Transform(context, (sha2_word64*)context->buffer);
922 
923  /* And set-up for the last transform: */
924  MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
925  }
926  } else {
927  /* Prepare for final transform: */
929 
930  /* Begin padding with a 1 bit: */
931  *context->buffer = 0x80;
932  }
933  /* Store the length of input data (in bits): */
934  MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH], &context->bitcount[1],
935  sizeof(sha2_word64));
936  MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8], &context->bitcount[0],
937  sizeof(sha2_word64));
938 
939  /* Final transform: */
940  SHA512_Transform(context, (sha2_word64*)context->buffer);
941 }
942 
943 void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
944  sha2_word64 *d = (sha2_word64*)digest;
945 
946  /* Sanity check: */
947  assert(context != (SHA512_CTX*)0);
948 
949  /* If no digest buffer is passed, we don't bother doing this: */
950  if (digest != (sha2_byte*)0) {
951  SHA512_Last(context);
952 
953  /* Save the hash data for output: */
954 #if BYTE_ORDER == LITTLE_ENDIAN
955  {
956  /* Convert TO host byte order */
957  int j;
958  for (j = 0; j < 8; j++) {
959  REVERSE64(context->state[j],context->state[j]);
960  *d++ = context->state[j];
961  }
962  }
963 #else
965 #endif
966  }
967 
968  /* Zero out state data */
969  MEMSET_BZERO(context, sizeof(*context));
970 }
971 
972 char *SHA512_End(SHA512_CTX* context, char buffer[]) {
973  sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest;
974  int i;
975 
976  /* Sanity check: */
977  assert(context != (SHA512_CTX*)0);
978 
979  if (buffer != (char*)0) {
980  SHA512_Final(digest, context);
981  for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
982  *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
983  *buffer++ = sha2_hex_digits[*d & 0x0f];
984  d++;
985  }
986  *buffer = (char)0;
987  } else {
988  MEMSET_BZERO(context, sizeof(*context));
989  }
991  return buffer;
992 }
993 
994 char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
995  SHA512_CTX context;
996 
997  SHA512_Init(&context);
998  SHA512_Update(&context, data, len);
999  return SHA512_End(&context, digest);
1000 }
1001 
1002 
1003 /*** SHA-384: *********************************************************/
1004 void SHA384_Init(SHA384_CTX* context) {
1005  if (context == (SHA384_CTX*)0) {
1006  return;
1007  }
1010  context->bitcount[0] = context->bitcount[1] = 0;
1011 }
1012 
1013 void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
1014  SHA512_Update((SHA512_CTX*)context, data, len);
1015 }
1016 
1017 void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
1018  sha2_word64 *d = (sha2_word64*)digest;
1019 
1020  /* Sanity check: */
1021  assert(context != (SHA384_CTX*)0);
1022 
1023  /* If no digest buffer is passed, we don't bother doing this: */
1024  if (digest != (sha2_byte*)0) {
1025  SHA512_Last((SHA512_CTX*)context);
1026 
1027  /* Save the hash data for output: */
1028 #if BYTE_ORDER == LITTLE_ENDIAN
1029  {
1030  /* Convert TO host byte order */
1031  int j;
1032  for (j = 0; j < 6; j++) {
1033  REVERSE64(context->state[j],context->state[j]);
1034  *d++ = context->state[j];
1035  }
1036  }
1037 #else
1038  MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH);
1039 #endif
1040  }
1041 
1042  /* Zero out state data */
1043  MEMSET_BZERO(context, sizeof(*context));
1044 }
1045 
1046 char *SHA384_End(SHA384_CTX* context, char buffer[]) {
1047  sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest;
1048  int i;
1049 
1050  /* Sanity check: */
1051  assert(context != (SHA384_CTX*)0);
1052 
1053  if (buffer != (char*)0) {
1054  SHA384_Final(digest, context);
1055  for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
1056  *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1057  *buffer++ = sha2_hex_digits[*d & 0x0f];
1058  d++;
1059  }
1060  *buffer = (char)0;
1061  } else {
1062  MEMSET_BZERO(context, sizeof(*context));
1063  }
1065  return buffer;
1066 }
1067 
1068 char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
1069  SHA384_CTX context;
1070 
1071  SHA384_Init(&context);
1072  SHA384_Update(&context, data, len);
1073  return SHA384_End(&context, digest);
1074 }
1075 
#define Sigma0_512(x)
Definition: sha2.c:220
void SHA256_Init(SHA256_CTX *context)
Definition: sha2.c:344
uint64_t state[8]
Definition: sha2.h:128
#define SHA256_DIGEST_STRING_LENGTH
Definition: sha2.h:80
#define SHA384_BLOCK_LENGTH
Definition: sha2.h:81
static const sha2_word64 sha512_initial_hash_value[8]
Definition: sha2.c:325
#define BYTE_ORDER
Definition: random.c:1237
uint32_t sha2_word32
Definition: sha2.c:112
char * SHA384_End(SHA384_CTX *context, char buffer[])
Definition: sha2.c:1046
#define SHA256_BLOCK_LENGTH
Definition: sha2.h:78
static const sha2_word32 K256[64]
Definition: sha2.c:237
void SHA256_Update(SHA256_CTX *context, const sha2_byte *data, size_t len)
Definition: sha2.c:528
uint8_t buffer[SHA512_BLOCK_LENGTH]
Definition: sha2.h:130
void SHA512_Transform(SHA512_CTX *, const sha2_word64 *)
Definition: sha2.c:773
#define Ch(x, y, z)
Definition: sha2.c:210
char * SHA512_End(SHA512_CTX *context, char buffer[])
Definition: sha2.c:972
#define sigma1_512(x)
Definition: sha2.c:223
unsigned char uint8_t
Definition: sha2.h:100
char * SHA256_End(SHA256_CTX *context, char buffer[])
Definition: sha2.c:641
static const sha2_word64 K512[80]
Definition: sha2.c:269
#define Sigma1_256(x)
Definition: sha2.c:215
#define sigma1_256(x)
Definition: sha2.c:217
unsigned long long uint64_t
Definition: sha2.h:102
void SHA512_Last(SHA512_CTX *)
Definition: sha2.c:900
#define MEMCPY_BCOPY(d, s, l)
Definition: sha2.c:185
void SHA512_Final(sha2_byte digest[], SHA512_CTX *context)
Definition: sha2.c:943
#define MEMSET_BZERO(p, l)
Definition: sha2.c:184
void SHA384_Init(SHA384_CTX *context)
Definition: sha2.c:1004
uint64_t bitcount[2]
Definition: sha2.h:129
#define REVERSE64(w, x)
Definition: sha2.c:143
#define SHA384_DIGEST_LENGTH
Definition: sha2.h:82
#define sigma0_256(x)
Definition: sha2.c:216
void SHA384_Final(sha2_byte digest[], SHA384_CTX *context)
Definition: sha2.c:1017
static const sha2_word32 sha256_initial_hash_value[8]
Definition: sha2.c:257
static const char * sha2_hex_digits
Definition: sha2.c:340
void SHA256_Final(sha2_byte digest[], SHA256_CTX *context)
Definition: sha2.c:577
#define T1
Definition: md5.c:132
#define ULL(number)
Definition: sha2.c:134
#define ADDINC128(w, n)
Definition: sha2.c:158
#define T2
Definition: md5.c:133
char * SHA256_Data(const sha2_byte *data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH])
Definition: sha2.c:663
#define LITTLE_ENDIAN
Definition: random.c:1240
void SHA512_Init(SHA512_CTX *context)
Definition: sha2.c:673
void SHA384_Update(SHA384_CTX *context, const sha2_byte *data, size_t len)
Definition: sha2.c:1013
char * SHA384_Data(const sha2_byte *data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH])
Definition: sha2.c:1068
#define Sigma0_256(x)
Definition: sha2.c:214
static const sha2_word64 sha384_initial_hash_value[8]
Definition: sha2.c:313
unsigned int uint32_t
Definition: sha2.h:101
uint64_t sha2_word64
Definition: sha2.c:113
#define SHA256_DIGEST_LENGTH
Definition: sha2.h:79
#define SHA512_SHORT_BLOCK_LENGTH
Definition: sha2.c:128
#define sigma0_512(x)
Definition: sha2.c:222
#define f
void SHA512_Update(SHA512_CTX *context, const sha2_byte *data, size_t len)
Definition: sha2.c:851
uint32_t state[8]
Definition: sha2.h:123
uint8_t sha2_byte
Definition: sha2.c:111
#define Maj(x, y, z)
Definition: sha2.c:211
#define SHA384_DIGEST_STRING_LENGTH
Definition: sha2.h:83
#define assert(condition)
Definition: ossl.h:45
#define Sigma1_512(x)
Definition: sha2.c:221
#define SHA512_DIGEST_LENGTH
Definition: sha2.h:85
#define SHA512_BLOCK_LENGTH
Definition: sha2.h:84
#define SHA256_SHORT_BLOCK_LENGTH
Definition: sha2.c:126
void SHA256_Transform(SHA256_CTX *, const sha2_word32 *)
Definition: sha2.c:448
uint64_t bitcount
Definition: sha2.h:124
uint8_t buffer[SHA256_BLOCK_LENGTH]
Definition: sha2.h:125
char * SHA512_Data(const sha2_byte *data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH])
Definition: sha2.c:994
#define REVERSE32(w, x)
Definition: sha2.c:138
#define SHA512_DIGEST_STRING_LENGTH
Definition: sha2.h:86