sha2.c revision aa520ab1cb5d6b9a72d186ded1bff22e31ae1e88
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Copyright (C) 2005, 2006 Internet Systems Consortium, Inc. ("ISC")
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Permission to use, copy, modify, and distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * purpose with or without fee is hereby granted, provided that the above
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * copyright notice and this permission notice appear in all copies.
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
207845805eb591b77ffbd99735617cab7e2ed804Evan Hunt * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
cf786a52ce85fd069c764a7de3d036b63a741153Automatic Updater * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * PERFORMANCE OF THIS SOFTWARE.
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* $Id: sha2.c,v 1.6 2006/01/31 01:58:12 marka Exp $ */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * sha2.c
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * Version 1.0.0beta1
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * Written by Aaron D. Gifford <me@aarongifford.com>
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * Copyright 2000 Aaron D. Gifford. All rights reserved.
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * Redistribution and use in source and binary forms, with or without
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * modification, are permitted provided that the following conditions
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * are met:
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * 1. Redistributions of source code must retain the above copyright
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * notice, this list of conditions and the following disclaimer.
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * 2. Redistributions in binary form must reproduce the above copyright
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * notice, this list of conditions and the following disclaimer in the
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * documentation and/or other materials provided with the distribution.
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * 3. Neither the name of the copyright holder nor the names of contributors
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * may be used to endorse or promote products derived from this software
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * without specific prior written permission.
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * SUCH DAMAGE.
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont *
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont */
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont#include <config.h>
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont#include <isc/assertions.h>
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#include <isc/sha2.h>
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#include <isc/string.h>
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#include <isc/util.h>
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * UNROLLED TRANSFORM LOOP NOTE:
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * loop version for the hash transform rounds (defined using macros
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * later in this file). Either define on the command line, for example:
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * or define below:
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * #define ISC_SHA2_UNROLL_TRANSFORM
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*** SHA-256/384/512 Machine Architecture Definitions *****************/
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * BYTE_ORDER NOTE:
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * Please make sure that your system defines BYTE_ORDER. If your
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * architecture is little-endian, make sure it also defines
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * equivilent.
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * If your system does not define the above, then you can do so by
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * hand like this:
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * #define LITTLE_ENDIAN 1234
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * #define BIG_ENDIAN 4321
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * And for little-endian machines, add:
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * #define BYTE_ORDER LITTLE_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * Or for big-endian machines:
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * #define BYTE_ORDER BIG_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * The FreeBSD machine this was written on defines BYTE_ORDER
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * appropriately by including <sys/types.h> (which in turn includes
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * <machine/endian.h> where the appropriate definitions are actually
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * made).
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#ifndef BYTE_ORDER
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#ifndef BIG_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define BIG_ENDIAN 4321
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#endif
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#ifndef LITTLE_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define LITTLE_ENDIAN 1234
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#endif
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#ifdef WORDS_BIGENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define BYTE_ORDER BIG_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#else
cf786a52ce85fd069c764a7de3d036b63a741153Automatic Updater#define BYTE_ORDER LITTLE_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#endif
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#else
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#endif
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#endif
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*** SHA-256/384/512 Various Length Definitions ***********************/
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* NOTE: Most of these are in sha2.h */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8)
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16)
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16)
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*** ENDIAN REVERSAL MACROS *******************************************/
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#if BYTE_ORDER == LITTLE_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define REVERSE32(w,x) { \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_uint32_t tmp = (w); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt tmp = (tmp >> 16) | (tmp << 16); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
793814f80703afdd69b59ade91e63efa81ae4178Evan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define REVERSE64(w,x) { \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_uint64_t tmp = (w); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt tmp = (tmp >> 32) | (tmp << 32); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ((tmp & 0x0000ffff0000ffffULL) << 16); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#endif /* BYTE_ORDER == LITTLE_ENDIAN */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * Macro for incrementally adding the unsigned 64-bit integer n to the
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * unsigned 128-bit integer (represented using a two-element array of
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * 64-bit words):
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define ADDINC128(w,n) { \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (w)[0] += (isc_uint64_t)(n); \
abff0f462a758383d012887d3a97da4dac0c5a94Evan Hunt if ((w)[0] < (n)) { \
abff0f462a758383d012887d3a97da4dac0c5a94Evan Hunt (w)[1]++; \
abff0f462a758383d012887d3a97da4dac0c5a94Evan Hunt } \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*** THE SIX LOGICAL FUNCTIONS ****************************************/
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
abff0f462a758383d012887d3a97da4dac0c5a94Evan Hunt * S is a ROTATION) because the SHA-256/384/512 description document
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * same "backwards" definition.
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define R(b,x) ((x) >> (b))
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* 32-bit Rotate-right (used in SHA-256): */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
793814f80703afdd69b59ade91e63efa81ae4178Evan Hunt/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
793814f80703afdd69b59ade91e63efa81ae4178Evan Hunt#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
793814f80703afdd69b59ade91e63efa81ae4178Evan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Four of six logical functions used in SHA-256: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
793814f80703afdd69b59ade91e63efa81ae4178Evan Hunt#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
793814f80703afdd69b59ade91e63efa81ae4178Evan Hunt#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Four of six logical functions used in SHA-384 and SHA-512: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*** INTERNAL FUNCTION PROTOTYPES *************************************/
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* NOTE: These should not be accessed directly from outside this
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * library -- they are intended for private internal visibility/use
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt * only.
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt */
cf786a52ce85fd069c764a7de3d036b63a741153Automatic Updatervoid isc_sha512_last(isc_sha512_t *);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Hash constant words K for SHA-224 and SHA-256: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntstatic const isc_uint32_t K256[64] = {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt};
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Initial hash value H for SHA-224: */
41bbb34bc20f189af62e7047ce42822615417f15Evan Huntstatic const isc_uint32_t sha224_initial_hash_value[8] = {
41bbb34bc20f189af62e7047ce42822615417f15Evan Hunt 0xc1059ed8UL,
41bbb34bc20f189af62e7047ce42822615417f15Evan Hunt 0x367cd507UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x3070dd17UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xf70e5939UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xffc00b31UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x68581511UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x64f98fa7UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xbefa4fa4UL
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt};
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Initial hash value H for SHA-256: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntstatic const isc_uint32_t sha256_initial_hash_value[8] = {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x6a09e667UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xbb67ae85UL,
c1d33c159bf81d6faf9948ac9a6f307ca52284afEvan Hunt 0x3c6ef372UL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xa54ff53aUL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x510e527fUL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x9b05688cUL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x1f83d9abUL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x5be0cd19UL
c1d33c159bf81d6faf9948ac9a6f307ca52284afEvan Hunt};
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Hash constant words K for SHA-384 and SHA-512: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntstatic const isc_uint64_t K512[80] = {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
45b727f651aba2cbd2f9db51ccfb4b541520a5deMark Andrews 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
08df939613d7f20bdac132a93efc537bb457ccfaTinderbox User 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
45b727f651aba2cbd2f9db51ccfb4b541520a5deMark Andrews 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
0148654d85b2818f9317b428a67701f4585c8243Scott Mann 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
c1d33c159bf81d6faf9948ac9a6f307ca52284afEvan Hunt 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt};
abff0f462a758383d012887d3a97da4dac0c5a94Evan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Initial hash value H for SHA-384: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntstatic const isc_uint64_t sha384_initial_hash_value[8] = {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0xcbbb9d5dc1059ed8ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x629a292a367cd507ULL,
c1d33c159bf81d6faf9948ac9a6f307ca52284afEvan Hunt 0x9159015a3070dd17ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x152fecd8f70e5939ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x67332667ffc00b31ULL,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt 0x8eb44a8768581511ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0xdb0c2e0d64f98fa7ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x47b5481dbefa4fa4ULL
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont};
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont/* Initial hash value H for SHA-512: */
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupontstatic const isc_uint64_t sha512_initial_hash_value[8] = {
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x6a09e667f3bcc908ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0xbb67ae8584caa73bULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x3c6ef372fe94f82bULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0xa54ff53a5f1d36f1ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x510e527fade682d1ULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x9b05688c2b3e6c1fULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x1f83d9abfb41bd6bULL,
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont 0x5be0cd19137e2179ULL
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont};
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont/*
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * Constant used by SHA256/384/512_End() functions for converting the
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont * digest to a readable hexadecimal character string:
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont */
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupontstatic const char *sha2_hex_digits = "0123456789abcdef";
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont
261543671b70b078a2d55bbf16ef78ae2074bbdcEvan Hunt
261543671b70b078a2d55bbf16ef78ae2074bbdcEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*** SHA-224: *********************************************************/
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntisc_sha224_init(isc_sha224_t *context) {
cbd1fa092ea66bfa9990c5e515725646295396c5Evan Hunt if (context == (isc_sha256_t *)0) {
cbd1fa092ea66bfa9990c5e515725646295396c5Evan Hunt return;
cbd1fa092ea66bfa9990c5e515725646295396c5Evan Hunt }
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt memcpy(context->state, sha224_initial_hash_value,
cbd1fa092ea66bfa9990c5e515725646295396c5Evan Hunt ISC_SHA256_DIGESTLENGTH);
cbd1fa092ea66bfa9990c5e515725646295396c5Evan Hunt memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
cbd1fa092ea66bfa9990c5e515725646295396c5Evan Hunt context->bitcount = 0;
d51456e4537729c2263303350abeff45379b1105Evan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntisc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_sha256_update((isc_sha256_t *)context, data, len);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntisc_sha224_final(isc_uint8_t digest[], isc_sha256_t *context) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_sha256_final(sha256_digest, (isc_sha256_t *)context);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntchar *
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntisc_sha224_end(isc_sha224_t *context, char buffer[]) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt unsigned int i;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Sanity check: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt REQUIRE(context != (isc_sha224_t *)0);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt if (buffer != (char*)0) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_sha224_final(digest, context);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt *buffer++ = sha2_hex_digits[*d & 0x0f];
45b727f651aba2cbd2f9db51ccfb4b541520a5deMark Andrews d++;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt }
45b727f651aba2cbd2f9db51ccfb4b541520a5deMark Andrews *buffer = (char)0;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt } else {
45b727f651aba2cbd2f9db51ccfb4b541520a5deMark Andrews memset(context, 0, sizeof(context));
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont }
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt return buffer;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntchar*
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntisc_sha224_data(const isc_uint8_t *data, size_t len,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt char digest[ISC_SHA224_DIGESTSTRINGLENGTH])
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt{
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_sha224_t context;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_sha224_init(&context);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_sha224_update(&context, data, len);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt return (isc_sha224_end(&context, digest));
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/*** SHA-256: *********************************************************/
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntisc_sha256_init(isc_sha256_t *context) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt if (context == (isc_sha256_t *)0) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt return;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt }
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt memcpy(context->state, sha256_initial_hash_value,
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ISC_SHA256_DIGESTLENGTH);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->bitcount = 0;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#ifdef ISC_SHA2_UNROLL_TRANSFORM
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt/* Unrolled SHA-256 round macros: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#if BYTE_ORDER == LITTLE_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt REVERSE32(*data++, W256[j]); \
50f64cf0e58073f61bea3e1e4a9ad258bca80961Francis Dupont T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt K256[j] + W256[j]; \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (d) += T1; \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt j++
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#else /* BYTE_ORDER == LITTLE_ENDIAN */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt K256[j] + (W256[j] = *data++); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (d) += T1; \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt j++
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#endif /* BYTE_ORDER == LITTLE_ENDIAN */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#define ROUND256(a,b,c,d,e,f,g,h) \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt s0 = W256[(j+1)&0x0f]; \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt s0 = sigma0_256(s0); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt s1 = W256[(j+14)&0x0f]; \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt s1 = sigma1_256(s1); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (d) += T1; \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt j++
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_uint32_t T1, *W256;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt int j;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt W256 = (isc_uint32_t*)context->buffer;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Initialize registers with the prev. intermediate value */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt a = context->state[0];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt b = context->state[1];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt c = context->state[2];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt d = context->state[3];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt e = context->state[4];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt f = context->state[5];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt g = context->state[6];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt h = context->state[7];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt j = 0;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt do {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Rounds 0 to 15 (unrolled): */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
2b8bed6681d1541474f022586cbe728dfce36880Evan Hunt ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
2b8bed6681d1541474f022586cbe728dfce36880Evan Hunt ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
2b8bed6681d1541474f022586cbe728dfce36880Evan Hunt ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt } while (j < 16);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Now for the remaining rounds to 64: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt do {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256(a,b,c,d,e,f,g,h);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256(h,a,b,c,d,e,f,g);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256(g,h,a,b,c,d,e,f);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256(f,g,h,a,b,c,d,e);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256(e,f,g,h,a,b,c,d);
2b8bed6681d1541474f022586cbe728dfce36880Evan Hunt ROUND256(d,e,f,g,h,a,b,c);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256(c,d,e,f,g,h,a,b);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt ROUND256(b,c,d,e,f,g,h,a);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt } while (j < 64);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Compute the current intermediate hash value */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[0] += a;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[1] += b;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[2] += c;
2732d4922c2e72a399204320791acfd2fd3d6c7cMark Andrews context->state[3] += d;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[4] += e;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[5] += f;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[6] += g;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[7] += h;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Clean up */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt a = b = c = d = e = f = g = h = T1 = 0;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#else /* ISC_SHA2_UNROLL_TRANSFORM */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntisc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_uint32_t T1, T2, *W256;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt int j;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt W256 = (isc_uint32_t*)context->buffer;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Initialize registers with the prev. intermediate value */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt a = context->state[0];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt b = context->state[1];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt c = context->state[2];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt d = context->state[3];
2732d4922c2e72a399204320791acfd2fd3d6c7cMark Andrews e = context->state[4];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt f = context->state[5];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt g = context->state[6];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt h = context->state[7];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt j = 0;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt do {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#if BYTE_ORDER == LITTLE_ENDIAN
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Copy data while converting to host byte order */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt REVERSE32(*data++,W256[j]);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Apply the SHA-256 compression function to update a..h */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#else /* BYTE_ORDER == LITTLE_ENDIAN */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Apply the SHA-256 compression function to update a..h with copy */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#endif /* BYTE_ORDER == LITTLE_ENDIAN */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt T2 = Sigma0_256(a) + Maj(a, b, c);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt h = g;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt g = f;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt f = e;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt e = d + T1;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt d = c;
2732d4922c2e72a399204320791acfd2fd3d6c7cMark Andrews c = b;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt b = a;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt a = T1 + T2;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt j++;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt } while (j < 16);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt do {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Part of the message block expansion: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt s0 = W256[(j+1)&0x0f];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt s0 = sigma0_256(s0);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt s1 = W256[(j+14)&0x0f];
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt s1 = sigma1_256(s1);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Apply the SHA-256 compression function to update a..h */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt T2 = Sigma0_256(a) + Maj(a, b, c);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt h = g;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt g = f;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt f = e;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt e = d + T1;
2732d4922c2e72a399204320791acfd2fd3d6c7cMark Andrews d = c;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt c = b;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt b = a;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt a = T1 + T2;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt j++;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt } while (j < 64);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Compute the current intermediate hash value */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[0] += a;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[1] += b;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[2] += c;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[3] += d;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[4] += e;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[5] += f;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[6] += g;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->state[7] += h;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Clean up */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt a = b = c = d = e = f = g = h = T1 = T2 = 0;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt#endif /* ISC_SHA2_UNROLL_TRANSFORM */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntisc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt unsigned int freespace, usedspace;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt if (len == 0) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Calling with no data is valid - we do nothing */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt return;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt }
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Sanity check: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt usedspace = (context->bitcount >> 3) % ISC_SHA256_BLOCK_LENGTH;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt if (usedspace > 0) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Calculate how much free space is available in the buffer */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt freespace = ISC_SHA256_BLOCK_LENGTH - usedspace;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt if (len >= freespace) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Fill the buffer completely and process it */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt memcpy(&context->buffer[usedspace], data, freespace);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->bitcount += freespace << 3;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt len -= freespace;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt data += freespace;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt } else {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* The buffer is not yet full */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt memcpy(&context->buffer[usedspace], data, len);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->bitcount += len << 3;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Clean up: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt usedspace = freespace = 0;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt return;
72c86c105a7cf315036d7131a4ef408bc6227639Evan Hunt }
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt }
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt while (len >= ISC_SHA256_BLOCK_LENGTH) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Process as many complete blocks as we can */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_sha256_transform(context, (const isc_uint32_t*)data);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt len -= ISC_SHA256_BLOCK_LENGTH;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt data += ISC_SHA256_BLOCK_LENGTH;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt }
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt if (len > 0) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* There's left-overs, so save 'em */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt memcpy(context->buffer, data, len);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt context->bitcount += len << 3;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt }
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Clean up: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt usedspace = freespace = 0;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt}
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntvoid
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Huntisc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt isc_uint32_t *d = (isc_uint32_t*)digest;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt unsigned int usedspace;
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* Sanity check: */
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt REQUIRE(context != (isc_sha256_t *)0);
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt
422009fe5b15e31e7f5d09212bd1480121a1464eEvan Hunt /* If no digest buffer is passed, we don't bother doing this: */
if (digest != (isc_uint8_t*)0) {
usedspace = (context->bitcount >> 3) % ISC_SHA256_BLOCK_LENGTH;
#if BYTE_ORDER == LITTLE_ENDIAN
/* Convert FROM host byte order */
REVERSE64(context->bitcount,context->bitcount);
#endif
if (usedspace > 0) {
/* Begin padding with a 1 bit: */
context->buffer[usedspace++] = 0x80;
if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) {
/* Set-up for the last transform: */
memset(&context->buffer[usedspace], 0, ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace);
} else {
if (usedspace < ISC_SHA256_BLOCK_LENGTH) {
memset(&context->buffer[usedspace], 0, ISC_SHA256_BLOCK_LENGTH - usedspace);
}
/* Do second-to-last transform: */
isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
/* And set-up for the last transform: */
memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH);
}
} else {
/* Set-up for the last transform: */
memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH);
/* Begin padding with a 1 bit: */
*context->buffer = 0x80;
}
/* Set the bit count: */
*(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
/* Final transform: */
isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
#if BYTE_ORDER == LITTLE_ENDIAN
{
/* Convert TO host byte order */
int j;
for (j = 0; j < 8; j++) {
REVERSE32(context->state[j],context->state[j]);
*d++ = context->state[j];
}
}
#else
memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH);
#endif
}
/* Clean up state data: */
memset(context, 0, sizeof(context));
usedspace = 0;
}
char *
isc_sha256_end(isc_sha256_t *context, char buffer[]) {
isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest;
unsigned int i;
/* Sanity check: */
REQUIRE(context != (isc_sha256_t *)0);
if (buffer != (char*)0) {
isc_sha256_final(digest, context);
for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
*buffer++ = sha2_hex_digits[*d & 0x0f];
d++;
}
*buffer = (char)0;
} else {
memset(context, 0, sizeof(context));
}
memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
return buffer;
}
char *
isc_sha256_data(const isc_uint8_t* data, size_t len,
char digest[ISC_SHA256_DIGESTSTRINGLENGTH])
{
isc_sha256_t context;
isc_sha256_init(&context);
isc_sha256_update(&context, data, len);
return (isc_sha256_end(&context, digest));
}
/*** SHA-512: *********************************************************/
void
isc_sha512_init(isc_sha512_t *context) {
if (context == (isc_sha512_t *)0) {
return;
}
memcpy(context->state, sha512_initial_hash_value,
ISC_SHA512_DIGESTLENGTH);
memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH);
context->bitcount[0] = context->bitcount[1] = 0;
}
#ifdef ISC_SHA2_UNROLL_TRANSFORM
/* Unrolled SHA-512 round macros: */
#if BYTE_ORDER == LITTLE_ENDIAN
#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
REVERSE64(*data++, W512[j]); \
T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
K512[j] + W512[j]; \
(d) += T1, \
(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
j++
#else /* BYTE_ORDER == LITTLE_ENDIAN */
#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
K512[j] + (W512[j] = *data++); \
(d) += T1; \
(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
j++
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
#define ROUND512(a,b,c,d,e,f,g,h) \
s0 = W512[(j+1)&0x0f]; \
s0 = sigma0_512(s0); \
s1 = W512[(j+14)&0x0f]; \
s1 = sigma1_512(s1); \
T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
(W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
(d) += T1; \
(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
j++
void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer;
int j;
/* Initialize registers with the prev. intermediate value */
a = context->state[0];
b = context->state[1];
c = context->state[2];
d = context->state[3];
e = context->state[4];
f = context->state[5];
g = context->state[6];
h = context->state[7];
j = 0;
do {
ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
} while (j < 16);
/* Now for the remaining rounds up to 79: */
do {
ROUND512(a,b,c,d,e,f,g,h);
ROUND512(h,a,b,c,d,e,f,g);
ROUND512(g,h,a,b,c,d,e,f);
ROUND512(f,g,h,a,b,c,d,e);
ROUND512(e,f,g,h,a,b,c,d);
ROUND512(d,e,f,g,h,a,b,c);
ROUND512(c,d,e,f,g,h,a,b);
ROUND512(b,c,d,e,f,g,h,a);
} while (j < 80);
/* Compute the current intermediate hash value */
context->state[0] += a;
context->state[1] += b;
context->state[2] += c;
context->state[3] += d;
context->state[4] += e;
context->state[5] += f;
context->state[6] += g;
context->state[7] += h;
/* Clean up */
a = b = c = d = e = f = g = h = T1 = 0;
}
#else /* ISC_SHA2_UNROLL_TRANSFORM */
void
isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer;
int j;
/* Initialize registers with the prev. intermediate value */
a = context->state[0];
b = context->state[1];
c = context->state[2];
d = context->state[3];
e = context->state[4];
f = context->state[5];
g = context->state[6];
h = context->state[7];
j = 0;
do {
#if BYTE_ORDER == LITTLE_ENDIAN
/* Convert TO host byte order */
REVERSE64(*data++, W512[j]);
/* Apply the SHA-512 compression function to update a..h */
T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
#else /* BYTE_ORDER == LITTLE_ENDIAN */
/* Apply the SHA-512 compression function to update a..h with copy */
T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
T2 = Sigma0_512(a) + Maj(a, b, c);
h = g;
g = f;
f = e;
e = d + T1;
d = c;
c = b;
b = a;
a = T1 + T2;
j++;
} while (j < 16);
do {
/* Part of the message block expansion: */
s0 = W512[(j+1)&0x0f];
s0 = sigma0_512(s0);
s1 = W512[(j+14)&0x0f];
s1 = sigma1_512(s1);
/* Apply the SHA-512 compression function to update a..h */
T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
(W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
T2 = Sigma0_512(a) + Maj(a, b, c);
h = g;
g = f;
f = e;
e = d + T1;
d = c;
c = b;
b = a;
a = T1 + T2;
j++;
} while (j < 80);
/* Compute the current intermediate hash value */
context->state[0] += a;
context->state[1] += b;
context->state[2] += c;
context->state[3] += d;
context->state[4] += e;
context->state[5] += f;
context->state[6] += g;
context->state[7] += h;
/* Clean up */
a = b = c = d = e = f = g = h = T1 = T2 = 0;
}
#endif /* ISC_SHA2_UNROLL_TRANSFORM */
void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
unsigned int freespace, usedspace;
if (len == 0) {
/* Calling with no data is valid - we do nothing */
return;
}
/* Sanity check: */
REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
usedspace = (context->bitcount[0] >> 3) % ISC_SHA512_BLOCK_LENGTH;
if (usedspace > 0) {
/* Calculate how much free space is available in the buffer */
freespace = ISC_SHA512_BLOCK_LENGTH - usedspace;
if (len >= freespace) {
/* Fill the buffer completely and process it */
memcpy(&context->buffer[usedspace], data, freespace);
ADDINC128(context->bitcount, freespace << 3);
len -= freespace;
data += freespace;
isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
} else {
/* The buffer is not yet full */
memcpy(&context->buffer[usedspace], data, len);
ADDINC128(context->bitcount, len << 3);
/* Clean up: */
usedspace = freespace = 0;
return;
}
}
while (len >= ISC_SHA512_BLOCK_LENGTH) {
/* Process as many complete blocks as we can */
isc_sha512_transform(context, (const isc_uint64_t*)data);
ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3);
len -= ISC_SHA512_BLOCK_LENGTH;
data += ISC_SHA512_BLOCK_LENGTH;
}
if (len > 0) {
/* There's left-overs, so save 'em */
memcpy(context->buffer, data, len);
ADDINC128(context->bitcount, len << 3);
}
/* Clean up: */
usedspace = freespace = 0;
}
void isc_sha512_last(isc_sha512_t *context) {
unsigned int usedspace;
usedspace = (context->bitcount[0] >> 3) % ISC_SHA512_BLOCK_LENGTH;
#if BYTE_ORDER == LITTLE_ENDIAN
/* Convert FROM host byte order */
REVERSE64(context->bitcount[0],context->bitcount[0]);
REVERSE64(context->bitcount[1],context->bitcount[1]);
#endif
if (usedspace > 0) {
/* Begin padding with a 1 bit: */
context->buffer[usedspace++] = 0x80;
if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) {
/* Set-up for the last transform: */
memset(&context->buffer[usedspace], 0, ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace);
} else {
if (usedspace < ISC_SHA512_BLOCK_LENGTH) {
memset(&context->buffer[usedspace], 0, ISC_SHA512_BLOCK_LENGTH - usedspace);
}
/* Do second-to-last transform: */
isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
/* And set-up for the last transform: */
memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2);
}
} else {
/* Prepare for final transform: */
memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH);
/* Begin padding with a 1 bit: */
*context->buffer = 0x80;
}
/* Store the length of input data (in bits): */
*(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
*(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
/* Final transform: */
isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
}
void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
isc_uint64_t *d = (isc_uint64_t*)digest;
/* Sanity check: */
REQUIRE(context != (isc_sha512_t *)0);
/* If no digest buffer is passed, we don't bother doing this: */
if (digest != (isc_uint8_t*)0) {
isc_sha512_last(context);
/* Save the hash data for output: */
#if BYTE_ORDER == LITTLE_ENDIAN
{
/* Convert TO host byte order */
int j;
for (j = 0; j < 8; j++) {
REVERSE64(context->state[j],context->state[j]);
*d++ = context->state[j];
}
}
#else
memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH);
#endif
}
/* Zero out state data */
memset(context, 0, sizeof(context));
}
char *
isc_sha512_end(isc_sha512_t *context, char buffer[]) {
isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest;
unsigned int i;
/* Sanity check: */
REQUIRE(context != (isc_sha512_t *)0);
if (buffer != (char*)0) {
isc_sha512_final(digest, context);
for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
*buffer++ = sha2_hex_digits[*d & 0x0f];
d++;
}
*buffer = (char)0;
} else {
memset(context, 0, sizeof(context));
}
memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
return buffer;
}
char *
isc_sha512_data(const isc_uint8_t *data, size_t len,
char digest[ISC_SHA512_DIGESTSTRINGLENGTH])
{
isc_sha512_t context;
isc_sha512_init(&context);
isc_sha512_update(&context, data, len);
return (isc_sha512_end(&context, digest));
}
/*** SHA-384: *********************************************************/
void
isc_sha384_init(isc_sha384_t *context) {
if (context == (isc_sha384_t *)0) {
return;
}
memcpy(context->state, sha384_initial_hash_value,
ISC_SHA512_DIGESTLENGTH);
memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH);
context->bitcount[0] = context->bitcount[1] = 0;
}
void
isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
isc_sha512_update((isc_sha512_t *)context, data, len);
}
void
isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
isc_uint64_t *d = (isc_uint64_t*)digest;
/* Sanity check: */
REQUIRE(context != (isc_sha384_t *)0);
/* If no digest buffer is passed, we don't bother doing this: */
if (digest != (isc_uint8_t*)0) {
isc_sha512_last((isc_sha512_t *)context);
/* Save the hash data for output: */
#if BYTE_ORDER == LITTLE_ENDIAN
{
/* Convert TO host byte order */
int j;
for (j = 0; j < 6; j++) {
REVERSE64(context->state[j],context->state[j]);
*d++ = context->state[j];
}
}
#else
memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH);
#endif
}
/* Zero out state data */
memset(context, 0, sizeof(context));
}
char *
isc_sha384_end(isc_sha384_t *context, char buffer[]) {
isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest;
unsigned int i;
/* Sanity check: */
REQUIRE(context != (isc_sha384_t *)0);
if (buffer != (char*)0) {
isc_sha384_final(digest, context);
for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) {
*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
*buffer++ = sha2_hex_digits[*d & 0x0f];
d++;
}
*buffer = (char)0;
} else {
memset(context, 0, sizeof(context));
}
memset(digest, 0, ISC_SHA384_DIGESTLENGTH);
return buffer;
}
char*
isc_sha384_data(const isc_uint8_t *data, size_t len,
char digest[ISC_SHA384_DIGESTSTRINGLENGTH])
{
isc_sha384_t context;
isc_sha384_init(&context);
isc_sha384_update(&context, data, len);
return (isc_sha384_end(&context, digest));
}