Ruby  2.5.0dev(2017-10-22revision60238)
sha2.c
Go to the documentation of this file.
1 /*
2  * FILE: sha2.c
3  * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
4  *
5  * Copyright (c) 2000-2001, Aaron D. Gifford
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  * notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in the
15  * documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the copyright holder nor the names of contributors
17  * may be used to endorse or promote products derived from this software
18  * without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  *
32  * $OrigId: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
33  * $RoughId: sha2.c,v 1.3 2002/02/26 22:03:36 knu Exp $
34  * $Id$
35  */
36 
37 #include "../defs.h"
38 #include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
39 #include <assert.h> /* assert() */
40 #include "sha2.h"
41 
42 /*
43  * ASSERT NOTE:
44  * Some sanity checking code is included using assert(). On my FreeBSD
45  * system, this additional code can be removed by compiling with NDEBUG
46  * defined. Check your own systems manpage on assert() to see how to
47  * compile WITHOUT the sanity checking code on your system.
48  *
49  * UNROLLED TRANSFORM LOOP NOTE:
50  * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
51  * loop version for the hash transform rounds (defined using macros
52  * later in this file). Either define on the command line, for example:
53  *
54  * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
55  *
56  * or define below:
57  *
58  * #define SHA2_UNROLL_TRANSFORM
59  *
60  */
61 
62 
63 /*** SHA-256/384/512 Machine Architecture Definitions *****************/
64 /*
65  * BYTE_ORDER NOTE:
66  *
67  * Please make sure that your system defines BYTE_ORDER. If your
68  * architecture is little-endian, make sure it also defines
69  * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
70  * equivalent.
71  *
72  * If your system does not define the above, then you can do so by
73  * hand like this:
74  *
75  * #define LITTLE_ENDIAN 1234
76  * #define BIG_ENDIAN 4321
77  *
78  * And for little-endian machines, add:
79  *
80  * #define BYTE_ORDER LITTLE_ENDIAN
81  *
82  * Or for big-endian machines:
83  *
84  * #define BYTE_ORDER BIG_ENDIAN
85  *
86  * The FreeBSD machine this was written on defines BYTE_ORDER
87  * appropriately by including <sys/types.h> (which in turn includes
88  * <machine/endian.h> where the appropriate definitions are actually
89  * made).
90  */
91 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
92 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
93 #endif
94 
95 /*
96  * Define the followingsha2_* types to types of the correct length on
97  * the native archtecture. Most BSD systems and Linux define u_intXX_t
98  * types. Machines with very recent ANSI C headers, can use the
99  * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
100  * during compile or in the sha.h header file.
101  *
102  * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
103  * will need to define these three typedefs below (and the appropriate
104  * ones in sha.h too) by hand according to their system architecture.
105  *
106  * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
107  * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
108  */
109 #ifdef SHA2_USE_INTTYPES_H
110 
111 typedef uint8_t sha2_byte; /* Exactly 1 byte */
112 typedef uint32_t sha2_word32; /* Exactly 4 bytes */
113 typedef uint64_t sha2_word64; /* Exactly 8 bytes */
114 
115 #else /* SHA2_USE_INTTYPES_H */
116 
117 typedef u_int8_t sha2_byte; /* Exactly 1 byte */
118 typedef u_int32_t sha2_word32; /* Exactly 4 bytes */
119 typedef u_int64_t sha2_word64; /* Exactly 8 bytes */
120 
121 #endif /* SHA2_USE_INTTYPES_H */
122 
123 
124 /*** SHA-256/384/512 Various Length Definitions ***********************/
125 /* NOTE: Most of these are in sha2.h */
126 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
127 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
128 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
129 
130 
131 #if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || defined(__GNUC__) || defined(_HPUX_SOURCE) || defined(__IBMC__)
132 #define ULL(number) number##ULL
133 #else
134 #define ULL(number) (uint64_t)(number)
135 #endif
136 /*** ENDIAN REVERSAL MACROS *******************************************/
137 #if BYTE_ORDER == LITTLE_ENDIAN
138 #define REVERSE32(w,x) { \
139  sha2_word32 tmp = (w); \
140  tmp = (tmp >> 16) | (tmp << 16); \
141  (x) = ((tmp & (sha2_word32)0xff00ff00UL) >> 8) | ((tmp & (sha2_word32)0x00ff00ffUL) << 8); \
142 }
143 #define REVERSE64(w,x) { \
144  sha2_word64 tmp = (w); \
145  tmp = (tmp >> 32) | (tmp << 32); \
146  tmp = ((tmp & ULL(0xff00ff00ff00ff00)) >> 8) | \
147  ((tmp & ULL(0x00ff00ff00ff00ff)) << 8); \
148  (x) = ((tmp & ULL(0xffff0000ffff0000)) >> 16) | \
149  ((tmp & ULL(0x0000ffff0000ffff)) << 16); \
150 }
151 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
152 
153 /*
154  * Macro for incrementally adding the unsigned 64-bit integer n to the
155  * unsigned 128-bit integer (represented using a two-element array of
156  * 64-bit words):
157  */
158 #define ADDINC128(w,n) { \
159  (w)[0] += (sha2_word64)(n); \
160  if ((w)[0] < (n)) { \
161  (w)[1]++; \
162  } \
163 }
164 
165 /*
166  * Macros for copying blocks of memory and for zeroing out ranges
167  * of memory. Using these macros makes it easy to switch from
168  * using memset()/memcpy() and using bzero()/bcopy().
169  *
170  * Please define either SHA2_USE_MEMSET_MEMCPY or define
171  * SHA2_USE_BZERO_BCOPY depending on which function set you
172  * choose to use:
173  */
174 #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
175 /* Default to memset()/memcpy() if no option is specified */
176 #define SHA2_USE_MEMSET_MEMCPY 1
177 #endif
178 #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
179 /* Abort with an error if BOTH options are defined */
180 #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
181 #endif
182 
183 #ifdef SHA2_USE_MEMSET_MEMCPY
184 #define MEMSET_BZERO(p,l) memset((p), 0, (l))
185 #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
186 #endif
187 #ifdef SHA2_USE_BZERO_BCOPY
188 #define MEMSET_BZERO(p,l) bzero((p), (l))
189 #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
190 #endif
191 
192 
193 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
194 /*
195  * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
196  *
197  * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
198  * S is a ROTATION) because the SHA-256/384/512 description document
199  * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
200  * same "backwards" definition.
201  */
202 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
203 #define R(b,x) ((x) >> (b))
204 /* 32-bit Rotate-right (used in SHA-256): */
205 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
206 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
207 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
208 
209 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
210 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
211 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
212 
213 /* Four of six logical functions used in SHA-256: */
214 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
215 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
216 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
217 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
218 
219 /* Four of six logical functions used in SHA-384 and SHA-512: */
220 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
221 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
222 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
223 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
224 
225 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
226 /* NOTE: These should not be accessed directly from outside this
227  * library -- they are intended for private internal visibility/use
228  * only.
229  */
230 void SHA512_Last(SHA512_CTX*);
231 void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
232 void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
233 
234 
235 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
236 /* Hash constant words K for SHA-256: */
237 static const sha2_word32 K256[64] = {
238  0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
239  0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
240  0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
241  0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
242  0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
243  0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
244  0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
245  0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
246  0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
247  0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
248  0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
249  0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
250  0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
251  0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
252  0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
253  0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
254 };
255 
256 /* Initial hash value H for SHA-256: */
257 static const sha2_word32 sha256_initial_hash_value[8] = {
258  0x6a09e667UL,
259  0xbb67ae85UL,
260  0x3c6ef372UL,
261  0xa54ff53aUL,
262  0x510e527fUL,
263  0x9b05688cUL,
264  0x1f83d9abUL,
265  0x5be0cd19UL
266 };
267 
268 /* Hash constant words K for SHA-384 and SHA-512: */
269 static const sha2_word64 K512[80] = {
270  ULL(0x428a2f98d728ae22), ULL(0x7137449123ef65cd),
271  ULL(0xb5c0fbcfec4d3b2f), ULL(0xe9b5dba58189dbbc),
272  ULL(0x3956c25bf348b538), ULL(0x59f111f1b605d019),
273  ULL(0x923f82a4af194f9b), ULL(0xab1c5ed5da6d8118),
274  ULL(0xd807aa98a3030242), ULL(0x12835b0145706fbe),
275  ULL(0x243185be4ee4b28c), ULL(0x550c7dc3d5ffb4e2),
276  ULL(0x72be5d74f27b896f), ULL(0x80deb1fe3b1696b1),
277  ULL(0x9bdc06a725c71235), ULL(0xc19bf174cf692694),
278  ULL(0xe49b69c19ef14ad2), ULL(0xefbe4786384f25e3),
279  ULL(0x0fc19dc68b8cd5b5), ULL(0x240ca1cc77ac9c65),
280  ULL(0x2de92c6f592b0275), ULL(0x4a7484aa6ea6e483),
281  ULL(0x5cb0a9dcbd41fbd4), ULL(0x76f988da831153b5),
282  ULL(0x983e5152ee66dfab), ULL(0xa831c66d2db43210),
283  ULL(0xb00327c898fb213f), ULL(0xbf597fc7beef0ee4),
284  ULL(0xc6e00bf33da88fc2), ULL(0xd5a79147930aa725),
285  ULL(0x06ca6351e003826f), ULL(0x142929670a0e6e70),
286  ULL(0x27b70a8546d22ffc), ULL(0x2e1b21385c26c926),
287  ULL(0x4d2c6dfc5ac42aed), ULL(0x53380d139d95b3df),
288  ULL(0x650a73548baf63de), ULL(0x766a0abb3c77b2a8),
289  ULL(0x81c2c92e47edaee6), ULL(0x92722c851482353b),
290  ULL(0xa2bfe8a14cf10364), ULL(0xa81a664bbc423001),
291  ULL(0xc24b8b70d0f89791), ULL(0xc76c51a30654be30),
292  ULL(0xd192e819d6ef5218), ULL(0xd69906245565a910),
293  ULL(0xf40e35855771202a), ULL(0x106aa07032bbd1b8),
294  ULL(0x19a4c116b8d2d0c8), ULL(0x1e376c085141ab53),
295  ULL(0x2748774cdf8eeb99), ULL(0x34b0bcb5e19b48a8),
296  ULL(0x391c0cb3c5c95a63), ULL(0x4ed8aa4ae3418acb),
297  ULL(0x5b9cca4f7763e373), ULL(0x682e6ff3d6b2b8a3),
298  ULL(0x748f82ee5defb2fc), ULL(0x78a5636f43172f60),
299  ULL(0x84c87814a1f0ab72), ULL(0x8cc702081a6439ec),
300  ULL(0x90befffa23631e28), ULL(0xa4506cebde82bde9),
301  ULL(0xbef9a3f7b2c67915), ULL(0xc67178f2e372532b),
302  ULL(0xca273eceea26619c), ULL(0xd186b8c721c0c207),
303  ULL(0xeada7dd6cde0eb1e), ULL(0xf57d4f7fee6ed178),
304  ULL(0x06f067aa72176fba), ULL(0x0a637dc5a2c898a6),
305  ULL(0x113f9804bef90dae), ULL(0x1b710b35131c471b),
306  ULL(0x28db77f523047d84), ULL(0x32caab7b40c72493),
307  ULL(0x3c9ebe0a15c9bebc), ULL(0x431d67c49c100d4c),
308  ULL(0x4cc5d4becb3e42b6), ULL(0x597f299cfc657e2a),
309  ULL(0x5fcb6fab3ad6faec), ULL(0x6c44198c4a475817)
310 };
311 
312 /* Initial hash value H for SHA-384 */
313 static const sha2_word64 sha384_initial_hash_value[8] = {
314  ULL(0xcbbb9d5dc1059ed8),
315  ULL(0x629a292a367cd507),
316  ULL(0x9159015a3070dd17),
317  ULL(0x152fecd8f70e5939),
318  ULL(0x67332667ffc00b31),
319  ULL(0x8eb44a8768581511),
320  ULL(0xdb0c2e0d64f98fa7),
321  ULL(0x47b5481dbefa4fa4)
322 };
323 
324 /* Initial hash value H for SHA-512 */
325 static const sha2_word64 sha512_initial_hash_value[8] = {
326  ULL(0x6a09e667f3bcc908),
327  ULL(0xbb67ae8584caa73b),
328  ULL(0x3c6ef372fe94f82b),
329  ULL(0xa54ff53a5f1d36f1),
330  ULL(0x510e527fade682d1),
331  ULL(0x9b05688c2b3e6c1f),
332  ULL(0x1f83d9abfb41bd6b),
333  ULL(0x5be0cd19137e2179)
334 };
335 
336 /*
337  * Constant used by SHA256/384/512_End() functions for converting the
338  * digest to a readable hexadecimal character string:
339  */
340 static const char *sha2_hex_digits = "0123456789abcdef";
341 
342 
343 /*** SHA-256: *********************************************************/
344 int SHA256_Init(SHA256_CTX* context) {
345  if (context == (SHA256_CTX*)0) {
346  return 0;
347  }
348  MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
349  MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
350  context->bitcount = 0;
351  return 1;
352 }
353 
354 #ifdef SHA2_UNROLL_TRANSFORM
355 
356 /* Unrolled SHA-256 round macros: */
357 
358 #if BYTE_ORDER == LITTLE_ENDIAN
359 
360 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
361  REVERSE32(*data++, W256[j]); \
362  T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
363  K256[j] + W256[j]; \
364  (d) += T1; \
365  (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
366  j++
367 
368 
369 #else /* BYTE_ORDER == LITTLE_ENDIAN */
370 
371 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
372  T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
373  K256[j] + (W256[j] = *data++); \
374  (d) += T1; \
375  (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
376  j++
377 
378 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
379 
380 #define ROUND256(a,b,c,d,e,f,g,h) \
381  s0 = W256[(j+1)&0x0f]; \
382  s0 = sigma0_256(s0); \
383  s1 = W256[(j+14)&0x0f]; \
384  s1 = sigma1_256(s1); \
385  T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
386  (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
387  (d) += T1; \
388  (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
389  j++
390 
391 void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
392  sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
393  sha2_word32 T1, *W256;
394  int j;
395 
396  W256 = (sha2_word32*)context->buffer;
397 
398  /* Initialize registers with the prev. intermediate value */
399  a = context->state[0];
400  b = context->state[1];
401  c = context->state[2];
402  d = context->state[3];
403  e = context->state[4];
404  f = context->state[5];
405  g = context->state[6];
406  h = context->state[7];
407 
408  j = 0;
409  do {
410  /* Rounds 0 to 15 (unrolled): */
411  ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
412  ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
413  ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
414  ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
415  ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
416  ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
417  ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
418  ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
419  } while (j < 16);
420 
421  /* Now for the remaining rounds to 64: */
422  do {
423  ROUND256(a,b,c,d,e,f,g,h);
424  ROUND256(h,a,b,c,d,e,f,g);
425  ROUND256(g,h,a,b,c,d,e,f);
426  ROUND256(f,g,h,a,b,c,d,e);
427  ROUND256(e,f,g,h,a,b,c,d);
428  ROUND256(d,e,f,g,h,a,b,c);
429  ROUND256(c,d,e,f,g,h,a,b);
430  ROUND256(b,c,d,e,f,g,h,a);
431  } while (j < 64);
432 
433  /* Compute the current intermediate hash value */
434  context->state[0] += a;
435  context->state[1] += b;
436  context->state[2] += c;
437  context->state[3] += d;
438  context->state[4] += e;
439  context->state[5] += f;
440  context->state[6] += g;
441  context->state[7] += h;
442 
443  /* Clean up */
444  a = b = c = d = e = f = g = h = T1 = 0;
445 }
446 
447 #else /* SHA2_UNROLL_TRANSFORM */
448 
449 void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
450  sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
451  sha2_word32 T1, T2, *W256;
452  int j;
453 
454  W256 = (sha2_word32*)context->buffer;
455 
456  /* Initialize registers with the prev. intermediate value */
457  a = context->state[0];
458  b = context->state[1];
459  c = context->state[2];
460  d = context->state[3];
461  e = context->state[4];
462  f = context->state[5];
463  g = context->state[6];
464  h = context->state[7];
465 
466  j = 0;
467  do {
468 #if BYTE_ORDER == LITTLE_ENDIAN
469  /* Copy data while converting to host byte order */
470  REVERSE32(*data++,W256[j]);
471  /* Apply the SHA-256 compression function to update a..h */
472  T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
473 #else /* BYTE_ORDER == LITTLE_ENDIAN */
474  /* Apply the SHA-256 compression function to update a..h with copy */
475  T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
476 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
477  T2 = Sigma0_256(a) + Maj(a, b, c);
478  h = g;
479  g = f;
480  f = e;
481  e = d + T1;
482  d = c;
483  c = b;
484  b = a;
485  a = T1 + T2;
486 
487  j++;
488  } while (j < 16);
489 
490  do {
491  /* Part of the message block expansion: */
492  s0 = W256[(j+1)&0x0f];
493  s0 = sigma0_256(s0);
494  s1 = W256[(j+14)&0x0f];
495  s1 = sigma1_256(s1);
496 
497  /* Apply the SHA-256 compression function to update a..h */
498  T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
499  (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
500  T2 = Sigma0_256(a) + Maj(a, b, c);
501  h = g;
502  g = f;
503  f = e;
504  e = d + T1;
505  d = c;
506  c = b;
507  b = a;
508  a = T1 + T2;
509 
510  j++;
511  } while (j < 64);
512 
513  /* Compute the current intermediate hash value */
514  context->state[0] += a;
515  context->state[1] += b;
516  context->state[2] += c;
517  context->state[3] += d;
518  context->state[4] += e;
519  context->state[5] += f;
520  context->state[6] += g;
521  context->state[7] += h;
522 
523  /* Clean up */
524  a = b = c = d = e = f = g = h = T1 = T2 = 0;
525 }
526 
527 #endif /* SHA2_UNROLL_TRANSFORM */
528 
529 void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
530  unsigned int freespace, usedspace;
531 
532  if (len == 0) {
533  /* Calling with no data is valid - we do nothing */
534  return;
535  }
536 
537  /* Sanity check: */
538  assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0);
539 
540  usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
541  if (usedspace > 0) {
542  /* Calculate how much free space is available in the buffer */
543  freespace = SHA256_BLOCK_LENGTH - usedspace;
544 
545  if (len >= freespace) {
546  /* Fill the buffer completely and process it */
547  MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
548  context->bitcount += freespace << 3;
549  len -= freespace;
550  data += freespace;
551  SHA256_Transform(context, (sha2_word32*)context->buffer);
552  } else {
553  /* The buffer is not yet full */
554  MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
555  context->bitcount += len << 3;
556  /* Clean up: */
557  usedspace = freespace = 0;
558  return;
559  }
560  }
561  while (len >= SHA256_BLOCK_LENGTH) {
562  /* Process as many complete blocks as we can */
563  MEMCPY_BCOPY(context->buffer, data, SHA256_BLOCK_LENGTH);
564  SHA256_Transform(context, (sha2_word32*)context->buffer);
565  context->bitcount += SHA256_BLOCK_LENGTH << 3;
566  len -= SHA256_BLOCK_LENGTH;
567  data += SHA256_BLOCK_LENGTH;
568  }
569  if (len > 0) {
570  /* There's left-overs, so save 'em */
571  MEMCPY_BCOPY(context->buffer, data, len);
572  context->bitcount += len << 3;
573  }
574  /* Clean up: */
575  usedspace = freespace = 0;
576 }
577 
578 int SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
579  sha2_word32 *d = (sha2_word32*)digest;
580  unsigned int usedspace;
581 
582  /* Sanity check: */
583  assert(context != (SHA256_CTX*)0);
584 
585  /* If no digest buffer is passed, we don't bother doing this: */
586  if (digest != (sha2_byte*)0) {
587  usedspace = (unsigned int)((context->bitcount >> 3) % SHA256_BLOCK_LENGTH);
588 #if BYTE_ORDER == LITTLE_ENDIAN
589  /* Convert FROM host byte order */
590  REVERSE64(context->bitcount,context->bitcount);
591 #endif
592  if (usedspace > 0) {
593  /* Begin padding with a 1 bit: */
594  context->buffer[usedspace++] = 0x80;
595 
596  if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
597  /* Set-up for the last transform: */
598  MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
599  } else {
600  if (usedspace < SHA256_BLOCK_LENGTH) {
601  MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
602  }
603  /* Do second-to-last transform: */
604  SHA256_Transform(context, (sha2_word32*)context->buffer);
605 
606  /* And set-up for the last transform: */
607  MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
608  }
609  } else {
610  /* Set-up for the last transform: */
611  MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
612 
613  /* Begin padding with a 1 bit: */
614  *context->buffer = 0x80;
615  }
616  /* Set the bit count: */
617  MEMCPY_BCOPY(&context->buffer[SHA256_SHORT_BLOCK_LENGTH], &context->bitcount,
618  sizeof(sha2_word64));
619 
620  /* Final transform: */
621  SHA256_Transform(context, (sha2_word32*)context->buffer);
622 
623 #if BYTE_ORDER == LITTLE_ENDIAN
624  {
625  /* Convert TO host byte order */
626  int j;
627  for (j = 0; j < 8; j++) {
628  REVERSE32(context->state[j],context->state[j]);
629  *d++ = context->state[j];
630  }
631  }
632 #else
633  MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH);
634 #endif
635  }
636 
637  /* Clean up state data: */
638  MEMSET_BZERO(context, sizeof(*context));
639  usedspace = 0;
640  return 1;
641 }
642 
643 char *SHA256_End(SHA256_CTX* context, char buffer[]) {
644  sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest;
645  int i;
646 
647  /* Sanity check: */
648  assert(context != (SHA256_CTX*)0);
649 
650  if (buffer != (char*)0) {
651  SHA256_Final(digest, context);
652  for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
653  *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
654  *buffer++ = sha2_hex_digits[*d & 0x0f];
655  d++;
656  }
657  *buffer = (char)0;
658  } else {
659  MEMSET_BZERO(context, sizeof(*context));
660  }
661  MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH);
662  return buffer;
663 }
664 
665 char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
666  SHA256_CTX context;
667 
668  SHA256_Init(&context);
669  SHA256_Update(&context, data, len);
670  return SHA256_End(&context, digest);
671 }
672 
673 
674 /*** SHA-512: *********************************************************/
675 int SHA512_Init(SHA512_CTX* context) {
676  if (context == (SHA512_CTX*)0) {
677  return 0;
678  }
679  MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
680  MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
681  context->bitcount[0] = context->bitcount[1] = 0;
682  return 1;
683 }
684 
685 #ifdef SHA2_UNROLL_TRANSFORM
686 
687 /* Unrolled SHA-512 round macros: */
688 #if BYTE_ORDER == LITTLE_ENDIAN
689 
690 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
691  REVERSE64(*data++, W512[j]); \
692  T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
693  K512[j] + W512[j]; \
694  (d) += T1, \
695  (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
696  j++
697 
698 
699 #else /* BYTE_ORDER == LITTLE_ENDIAN */
700 
701 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
702  T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
703  K512[j] + (W512[j] = *data++); \
704  (d) += T1; \
705  (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
706  j++
707 
708 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
709 
710 #define ROUND512(a,b,c,d,e,f,g,h) \
711  s0 = W512[(j+1)&0x0f]; \
712  s0 = sigma0_512(s0); \
713  s1 = W512[(j+14)&0x0f]; \
714  s1 = sigma1_512(s1); \
715  T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
716  (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
717  (d) += T1; \
718  (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
719  j++
720 
721 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
722  sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
723  sha2_word64 T1, *W512 = (sha2_word64*)context->buffer;
724  int j;
725 
726  /* Initialize registers with the prev. intermediate value */
727  a = context->state[0];
728  b = context->state[1];
729  c = context->state[2];
730  d = context->state[3];
731  e = context->state[4];
732  f = context->state[5];
733  g = context->state[6];
734  h = context->state[7];
735 
736  j = 0;
737  do {
738  ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
739  ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
740  ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
741  ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
742  ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
743  ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
744  ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
745  ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
746  } while (j < 16);
747 
748  /* Now for the remaining rounds up to 79: */
749  do {
750  ROUND512(a,b,c,d,e,f,g,h);
751  ROUND512(h,a,b,c,d,e,f,g);
752  ROUND512(g,h,a,b,c,d,e,f);
753  ROUND512(f,g,h,a,b,c,d,e);
754  ROUND512(e,f,g,h,a,b,c,d);
755  ROUND512(d,e,f,g,h,a,b,c);
756  ROUND512(c,d,e,f,g,h,a,b);
757  ROUND512(b,c,d,e,f,g,h,a);
758  } while (j < 80);
759 
760  /* Compute the current intermediate hash value */
761  context->state[0] += a;
762  context->state[1] += b;
763  context->state[2] += c;
764  context->state[3] += d;
765  context->state[4] += e;
766  context->state[5] += f;
767  context->state[6] += g;
768  context->state[7] += h;
769 
770  /* Clean up */
771  a = b = c = d = e = f = g = h = T1 = 0;
772 }
773 
774 #else /* SHA2_UNROLL_TRANSFORM */
775 
776 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
777  sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
778  sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
779  int j;
780 
781  /* Initialize registers with the prev. intermediate value */
782  a = context->state[0];
783  b = context->state[1];
784  c = context->state[2];
785  d = context->state[3];
786  e = context->state[4];
787  f = context->state[5];
788  g = context->state[6];
789  h = context->state[7];
790 
791  j = 0;
792  do {
793 #if BYTE_ORDER == LITTLE_ENDIAN
794  /* Convert TO host byte order */
795  REVERSE64(*data++, W512[j]);
796  /* Apply the SHA-512 compression function to update a..h */
797  T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
798 #else /* BYTE_ORDER == LITTLE_ENDIAN */
799  /* Apply the SHA-512 compression function to update a..h with copy */
800  T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
801 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
802  T2 = Sigma0_512(a) + Maj(a, b, c);
803  h = g;
804  g = f;
805  f = e;
806  e = d + T1;
807  d = c;
808  c = b;
809  b = a;
810  a = T1 + T2;
811 
812  j++;
813  } while (j < 16);
814 
815  do {
816  /* Part of the message block expansion: */
817  s0 = W512[(j+1)&0x0f];
818  s0 = sigma0_512(s0);
819  s1 = W512[(j+14)&0x0f];
820  s1 = sigma1_512(s1);
821 
822  /* Apply the SHA-512 compression function to update a..h */
823  T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
824  (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
825  T2 = Sigma0_512(a) + Maj(a, b, c);
826  h = g;
827  g = f;
828  f = e;
829  e = d + T1;
830  d = c;
831  c = b;
832  b = a;
833  a = T1 + T2;
834 
835  j++;
836  } while (j < 80);
837 
838  /* Compute the current intermediate hash value */
839  context->state[0] += a;
840  context->state[1] += b;
841  context->state[2] += c;
842  context->state[3] += d;
843  context->state[4] += e;
844  context->state[5] += f;
845  context->state[6] += g;
846  context->state[7] += h;
847 
848  /* Clean up */
849  a = b = c = d = e = f = g = h = T1 = T2 = 0;
850 }
851 
852 #endif /* SHA2_UNROLL_TRANSFORM */
853 
854 void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
855  unsigned int freespace, usedspace;
856 
857  if (len == 0) {
858  /* Calling with no data is valid - we do nothing */
859  return;
860  }
861 
862  /* Sanity check: */
863  assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
864 
865  usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
866  if (usedspace > 0) {
867  /* Calculate how much free space is available in the buffer */
868  freespace = SHA512_BLOCK_LENGTH - usedspace;
869 
870  if (len >= freespace) {
871  /* Fill the buffer completely and process it */
872  MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
873  ADDINC128(context->bitcount, freespace << 3);
874  len -= freespace;
875  data += freespace;
876  SHA512_Transform(context, (sha2_word64*)context->buffer);
877  } else {
878  /* The buffer is not yet full */
879  MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
880  ADDINC128(context->bitcount, len << 3);
881  /* Clean up: */
882  usedspace = freespace = 0;
883  return;
884  }
885  }
886  while (len >= SHA512_BLOCK_LENGTH) {
887  /* Process as many complete blocks as we can */
888  MEMCPY_BCOPY(context->buffer, data, SHA512_BLOCK_LENGTH);
889  SHA512_Transform(context, (sha2_word64*)context->buffer);
890  ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
891  len -= SHA512_BLOCK_LENGTH;
892  data += SHA512_BLOCK_LENGTH;
893  }
894  if (len > 0) {
895  /* There's left-overs, so save 'em */
896  MEMCPY_BCOPY(context->buffer, data, len);
897  ADDINC128(context->bitcount, len << 3);
898  }
899  /* Clean up: */
900  usedspace = freespace = 0;
901 }
902 
903 void SHA512_Last(SHA512_CTX* context) {
904  unsigned int usedspace;
905 
906  usedspace = (unsigned int)((context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH);
907 #if BYTE_ORDER == LITTLE_ENDIAN
908  /* Convert FROM host byte order */
909  REVERSE64(context->bitcount[0],context->bitcount[0]);
910  REVERSE64(context->bitcount[1],context->bitcount[1]);
911 #endif
912  if (usedspace > 0) {
913  /* Begin padding with a 1 bit: */
914  context->buffer[usedspace++] = 0x80;
915 
916  if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
917  /* Set-up for the last transform: */
918  MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
919  } else {
920  if (usedspace < SHA512_BLOCK_LENGTH) {
921  MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
922  }
923  /* Do second-to-last transform: */
924  SHA512_Transform(context, (sha2_word64*)context->buffer);
925 
926  /* And set-up for the last transform: */
927  MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
928  }
929  } else {
930  /* Prepare for final transform: */
931  MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
932 
933  /* Begin padding with a 1 bit: */
934  *context->buffer = 0x80;
935  }
936  /* Store the length of input data (in bits): */
937  MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH], &context->bitcount[1],
938  sizeof(sha2_word64));
939  MEMCPY_BCOPY(&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8], &context->bitcount[0],
940  sizeof(sha2_word64));
941 
942  /* Final transform: */
943  SHA512_Transform(context, (sha2_word64*)context->buffer);
944 }
945 
946 int SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
947  sha2_word64 *d = (sha2_word64*)digest;
948 
949  /* Sanity check: */
950  assert(context != (SHA512_CTX*)0);
951 
952  /* If no digest buffer is passed, we don't bother doing this: */
953  if (digest != (sha2_byte*)0) {
954  SHA512_Last(context);
955 
956  /* Save the hash data for output: */
957 #if BYTE_ORDER == LITTLE_ENDIAN
958  {
959  /* Convert TO host byte order */
960  int j;
961  for (j = 0; j < 8; j++) {
962  REVERSE64(context->state[j],context->state[j]);
963  *d++ = context->state[j];
964  }
965  }
966 #else
967  MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
968 #endif
969  }
970 
971  /* Zero out state data */
972  MEMSET_BZERO(context, sizeof(*context));
973  return 1;
974 }
975 
976 char *SHA512_End(SHA512_CTX* context, char buffer[]) {
977  sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest;
978  int i;
979 
980  /* Sanity check: */
981  assert(context != (SHA512_CTX*)0);
982 
983  if (buffer != (char*)0) {
984  SHA512_Final(digest, context);
985  for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
986  *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
987  *buffer++ = sha2_hex_digits[*d & 0x0f];
988  d++;
989  }
990  *buffer = (char)0;
991  } else {
992  MEMSET_BZERO(context, sizeof(*context));
993  }
994  MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH);
995  return buffer;
996 }
997 
998 char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
999  SHA512_CTX context;
1000 
1001  SHA512_Init(&context);
1002  SHA512_Update(&context, data, len);
1003  return SHA512_End(&context, digest);
1004 }
1005 
1006 
1007 /*** SHA-384: *********************************************************/
1008 int SHA384_Init(SHA384_CTX* context) {
1009  if (context == (SHA384_CTX*)0) {
1010  return 0;
1011  }
1012  MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
1013  MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH);
1014  context->bitcount[0] = context->bitcount[1] = 0;
1015  return 1;
1016 }
1017 
1018 void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
1019  SHA512_Update((SHA512_CTX*)context, data, len);
1020 }
1021 
1022 int SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
1023  sha2_word64 *d = (sha2_word64*)digest;
1024 
1025  /* Sanity check: */
1026  assert(context != (SHA384_CTX*)0);
1027 
1028  /* If no digest buffer is passed, we don't bother doing this: */
1029  if (digest != (sha2_byte*)0) {
1030  SHA512_Last((SHA512_CTX*)context);
1031 
1032  /* Save the hash data for output: */
1033 #if BYTE_ORDER == LITTLE_ENDIAN
1034  {
1035  /* Convert TO host byte order */
1036  int j;
1037  for (j = 0; j < 6; j++) {
1038  REVERSE64(context->state[j],context->state[j]);
1039  *d++ = context->state[j];
1040  }
1041  }
1042 #else
1043  MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH);
1044 #endif
1045  }
1046 
1047  /* Zero out state data */
1048  MEMSET_BZERO(context, sizeof(*context));
1049  return 1;
1050 }
1051 
1052 char *SHA384_End(SHA384_CTX* context, char buffer[]) {
1053  sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest;
1054  int i;
1055 
1056  /* Sanity check: */
1057  assert(context != (SHA384_CTX*)0);
1058 
1059  if (buffer != (char*)0) {
1060  SHA384_Final(digest, context);
1061  for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
1062  *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1063  *buffer++ = sha2_hex_digits[*d & 0x0f];
1064  d++;
1065  }
1066  *buffer = (char)0;
1067  } else {
1068  MEMSET_BZERO(context, sizeof(*context));
1069  }
1070  MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH);
1071  return buffer;
1072 }
1073 
1074 char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
1075  SHA384_CTX context;
1076 
1077  SHA384_Init(&context);
1078  SHA384_Update(&context, data, len);
1079  return SHA384_End(&context, digest);
1080 }
1081 
_SHA512_CTX
Definition: sha2.h:127
Sigma0_512
#define Sigma0_512(x)
Definition: sha2.c:220
_SHA512_CTX::state
uint64_t state[8]
Definition: sha2.h:128
SHA256_Init
int SHA256_Init(SHA256_CTX *context)
Definition: sha2.c:344
SHA256_DIGEST_STRING_LENGTH
#define SHA256_DIGEST_STRING_LENGTH
Definition: sha2.h:80
SHA256_Final
int SHA256_Final(sha2_byte digest[], SHA256_CTX *context)
Definition: sha2.c:578
SHA384_BLOCK_LENGTH
#define SHA384_BLOCK_LENGTH
Definition: sha2.h:81
BYTE_ORDER
#define BYTE_ORDER
Definition: random.c:1475
sha2_word32
uint32_t sha2_word32
Definition: sha2.c:112
SHA384_End
char * SHA384_End(SHA384_CTX *context, char buffer[])
Definition: sha2.c:1052
SHA512_Final
int SHA512_Final(sha2_byte digest[], SHA512_CTX *context)
Definition: sha2.c:946
SHA384_Init
int SHA384_Init(SHA384_CTX *context)
Definition: sha2.c:1008
SHA256_BLOCK_LENGTH
#define SHA256_BLOCK_LENGTH
Definition: sha2.h:78
SHA256_Update
void SHA256_Update(SHA256_CTX *context, const sha2_byte *data, size_t len)
Definition: sha2.c:529
_SHA512_CTX::buffer
uint8_t buffer[SHA512_BLOCK_LENGTH]
Definition: sha2.h:130
SHA512_Transform
void SHA512_Transform(SHA512_CTX *, const sha2_word64 *)
Definition: sha2.c:776
Ch
#define Ch(x, y, z)
Definition: sha2.c:210
SHA512_End
char * SHA512_End(SHA512_CTX *context, char buffer[])
Definition: sha2.c:976
sigma1_512
#define sigma1_512(x)
Definition: sha2.c:223
uint8_t
unsigned char uint8_t
Definition: sha2.h:100
SHA256_End
char * SHA256_End(SHA256_CTX *context, char buffer[])
Definition: sha2.c:643
Sigma1_256
#define Sigma1_256(x)
Definition: sha2.c:215
sigma1_256
#define sigma1_256(x)
Definition: sha2.c:217
uint64_t
unsigned long long uint64_t
Definition: sha2.h:102
SHA512_Last
void SHA512_Last(SHA512_CTX *)
Definition: sha2.c:903
MEMCPY_BCOPY
#define MEMCPY_BCOPY(d, s, l)
Definition: sha2.c:185
MEMSET_BZERO
#define MEMSET_BZERO(p, l)
Definition: sha2.c:184
_SHA512_CTX::bitcount
uint64_t bitcount[2]
Definition: sha2.h:129
REVERSE64
#define REVERSE64(w, x)
Definition: sha2.c:143
SHA384_DIGEST_LENGTH
#define SHA384_DIGEST_LENGTH
Definition: sha2.h:82
sigma0_256
#define sigma0_256(x)
Definition: sha2.c:216
T1
#define T1
Definition: md5.c:132
ULL
#define ULL(number)
Definition: sha2.c:134
ADDINC128
#define ADDINC128(w, n)
Definition: sha2.c:158
T2
#define T2
Definition: md5.c:133
SHA256_Data
char * SHA256_Data(const sha2_byte *data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH])
Definition: sha2.c:665
LITTLE_ENDIAN
#define LITTLE_ENDIAN
Definition: random.c:1478
SHA384_Update
void SHA384_Update(SHA384_CTX *context, const sha2_byte *data, size_t len)
Definition: sha2.c:1018
SHA384_Final
int SHA384_Final(sha2_byte digest[], SHA384_CTX *context)
Definition: sha2.c:1022
SHA384_Data
char * SHA384_Data(const sha2_byte *data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH])
Definition: sha2.c:1074
Sigma0_256
#define Sigma0_256(x)
Definition: sha2.c:214
uint32_t
unsigned int uint32_t
Definition: sha2.h:101
len
register unsigned int len
Definition: zonetab.h:51
sha2_word64
uint64_t sha2_word64
Definition: sha2.c:113
SHA256_DIGEST_LENGTH
#define SHA256_DIGEST_LENGTH
Definition: sha2.h:79
SHA512_SHORT_BLOCK_LENGTH
#define SHA512_SHORT_BLOCK_LENGTH
Definition: sha2.c:128
sigma0_512
#define sigma0_512(x)
Definition: sha2.c:222
f
#define f
SHA512_Update
void SHA512_Update(SHA512_CTX *context, const sha2_byte *data, size_t len)
Definition: sha2.c:854
_SHA256_CTX::state
uint32_t state[8]
Definition: sha2.h:123
sha2_byte
uint8_t sha2_byte
Definition: sha2.c:111
Maj
#define Maj(x, y, z)
Definition: sha2.c:211
assert
#define assert
Definition: ruby_assert.h:37
_SHA256_CTX
Definition: sha2.h:122
SHA384_DIGEST_STRING_LENGTH
#define SHA384_DIGEST_STRING_LENGTH
Definition: sha2.h:83
SHA512_Init
int SHA512_Init(SHA512_CTX *context)
Definition: sha2.c:675
Sigma1_512
#define Sigma1_512(x)
Definition: sha2.c:221
SHA512_DIGEST_LENGTH
#define SHA512_DIGEST_LENGTH
Definition: sha2.h:85
SHA512_BLOCK_LENGTH
#define SHA512_BLOCK_LENGTH
Definition: sha2.h:84
SHA256_SHORT_BLOCK_LENGTH
#define SHA256_SHORT_BLOCK_LENGTH
Definition: sha2.c:126
SHA256_Transform
void SHA256_Transform(SHA256_CTX *, const sha2_word32 *)
Definition: sha2.c:449
_SHA256_CTX::bitcount
uint64_t bitcount
Definition: sha2.h:124
_SHA256_CTX::buffer
uint8_t buffer[SHA256_BLOCK_LENGTH]
Definition: sha2.h:125
SHA512_Data
char * SHA512_Data(const sha2_byte *data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH])
Definition: sha2.c:998
REVERSE32
#define REVERSE32(w, x)
Definition: sha2.c:138
SHA512_DIGEST_STRING_LENGTH
#define SHA512_DIGEST_STRING_LENGTH
Definition: sha2.h:86
Generated by   doxygen 1.8.13