sha2.c - vx32 - Local 9vx git repository for patches.
(HTM) git clone git://r-36.net/vx32
(DIR) Log
(DIR) Files
(DIR) Refs
---
sha2.c (18660B)
---
1 /*
2 * FILE: sha2.c
3 * AUTHOR: Aaron D. Gifford <me@aarongifford.com>
4 *
5 * Copyright (c) 2000-2001, Aaron D. Gifford
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the copyright holder nor the names of contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32
33 #include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
34 #include <assert.h> /* assert() */
35
36 #include "libvx32/words.h" // XXX
37 #ifndef BYTE_ORDER
38 #define BYTE_ORDER LITTLE_ENDIAN // XXX
39 #endif
40
41 #include "sha2.h"
42
43
44 /*
45 * ASSERT NOTE:
46 * Some sanity checking code is included using assert(). On my FreeBSD
47 * system, this additional code can be removed by compiling with NDEBUG
48 * defined. Check your own systems manpage on assert() to see how to
49 * compile WITHOUT the sanity checking code on your system.
50 *
51 * UNROLLED TRANSFORM LOOP NOTE:
52 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
53 * loop version for the hash transform rounds (defined using macros
54 * later in this file). Either define on the command line, for example:
55 *
56 * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
57 *
58 * or define below:
59 *
60 * #define SHA2_UNROLL_TRANSFORM
61 *
62 */
63
64
65 /*** SHA-256/384/512 Machine Architecture Definitions *****************/
66 /*
67 * BYTE_ORDER NOTE:
68 *
69 * Please make sure that your system defines BYTE_ORDER. If your
70 * architecture is little-endian, make sure it also defines
71 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
72 * equivilent.
73 *
74 * If your system does not define the above, then you can do so by
75 * hand like this:
76 *
77 * #define LITTLE_ENDIAN 1234
78 * #define BIG_ENDIAN 4321
79 *
80 * And for little-endian machines, add:
81 *
82 * #define BYTE_ORDER LITTLE_ENDIAN
83 *
84 * Or for big-endian machines:
85 *
86 * #define BYTE_ORDER BIG_ENDIAN
87 *
88 * The FreeBSD machine this was written on defines BYTE_ORDER
89 * appropriately by including <sys/types.h> (which in turn includes
90 * <machine/endian.h> where the appropriate definitions are actually
91 * made).
92 */
93 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
94 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
95 #endif
96
97 /*
98 * Define the followingsha2_* types to types of the correct length on
99 * the native archtecture. Most BSD systems and Linux define u_intXX_t
100 * types. Machines with very recent ANSI C headers, can use the
101 * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
102 * during compile or in the sha.h header file.
103 *
104 * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
105 * will need to define these three typedefs below (and the appropriate
106 * ones in sha.h too) by hand according to their system architecture.
107 *
108 * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
109 * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
110 */
111
112 typedef uint8_t sha2_byte; /* Exactly 1 byte */
113 typedef uint32_t sha2_word32; /* Exactly 4 bytes */
114 typedef uint64_t sha2_word64; /* Exactly 8 bytes */
115
116
117 /*** SHA-256/384/512 Various Length Definitions ***********************/
118 /* NOTE: Most of these are in sha2.h */
119 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
120 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
121 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
122
123
124 /*
125 * Macro for incrementally adding the unsigned 64-bit integer n to the
126 * unsigned 128-bit integer (represented using a two-element array of
127 * 64-bit words):
128 */
129 #define ADDINC128(w,n) { \
130 (w)[0] += (sha2_word64)(n); \
131 if ((w)[0] < (n)) { \
132 (w)[1]++; \
133 } \
134 }
135
136 /*
137 * Macros for copying blocks of memory and for zeroing out ranges
138 * of memory. Using these macros makes it easy to switch from
139 * using memset()/memcpy() and using bzero()/bcopy().
140 *
141 * Please define either SHA2_USE_MEMSET_MEMCPY or define
142 * SHA2_USE_BZERO_BCOPY depending on which function set you
143 * choose to use:
144 */
145 #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
146 /* Default to memset()/memcpy() if no option is specified */
147 #define SHA2_USE_MEMSET_MEMCPY 1
148 #endif
149 #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
150 /* Abort with an error if BOTH options are defined */
151 #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
152 #endif
153
154 #ifdef SHA2_USE_MEMSET_MEMCPY
155 #define MEMSET_BZERO(p,l) memset((p), 0, (l))
156 #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
157 #endif
158 #ifdef SHA2_USE_BZERO_BCOPY
159 #define MEMSET_BZERO(p,l) bzero((p), (l))
160 #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
161 #endif
162
163
164 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
165 /*
166 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
167 *
168 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
169 * S is a ROTATION) because the SHA-256/384/512 description document
170 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
171 * same "backwards" definition.
172 */
173 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
174 #define R(b,x) ((x) >> (b))
175 /* 32-bit Rotate-right (used in SHA-256): */
176 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
177 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
178 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
179
180 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
181 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
182 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
183
184 /* Four of six logical functions used in SHA-256: */
185 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
186 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
187 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
188 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
189
190 /* Four of six logical functions used in SHA-384 and SHA-512: */
191 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
192 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
193 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
194 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
195
196
197 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
198 /* NOTE: These should not be accessed directly from outside this
199 * library -- they are intended for private internal visibility/use
200 * only.
201 */
202 void SHA512_Last(SHA512_CTX*);
203 void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
204
205
206 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
207
208 /* Hash constant words K for SHA-384 and SHA-512: */
209 const static sha2_word64 K512[80] = {
210 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
211 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
212 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
213 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
214 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
215 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
216 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
217 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
218 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
219 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
220 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
221 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
222 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
223 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
224 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
225 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
226 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
227 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
228 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
229 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
230 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
231 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
232 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
233 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
234 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
235 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
236 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
237 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
238 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
239 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
240 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
241 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
242 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
243 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
244 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
245 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
246 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
247 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
248 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
249 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
250 };
251
252 /* Initial hash value H for SHA-384 */
253 const static sha2_word64 sha384_initial_hash_value[8] = {
254 0xcbbb9d5dc1059ed8ULL,
255 0x629a292a367cd507ULL,
256 0x9159015a3070dd17ULL,
257 0x152fecd8f70e5939ULL,
258 0x67332667ffc00b31ULL,
259 0x8eb44a8768581511ULL,
260 0xdb0c2e0d64f98fa7ULL,
261 0x47b5481dbefa4fa4ULL
262 };
263
264 /* Initial hash value H for SHA-512 */
265 const static sha2_word64 sha512_initial_hash_value[8] = {
266 0x6a09e667f3bcc908ULL,
267 0xbb67ae8584caa73bULL,
268 0x3c6ef372fe94f82bULL,
269 0xa54ff53a5f1d36f1ULL,
270 0x510e527fade682d1ULL,
271 0x9b05688c2b3e6c1fULL,
272 0x1f83d9abfb41bd6bULL,
273 0x5be0cd19137e2179ULL
274 };
275
276
277 /*** SHA-512: *********************************************************/
278 void SHA512_Init(SHA512_CTX* context) {
279 if (context == (SHA512_CTX*)0) {
280 return;
281 }
282 MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
283 MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
284 context->bitcount[0] = context->bitcount[1] = 0;
285 }
286
287 #ifdef SHA2_UNROLL_TRANSFORM
288
289 /* Unrolled SHA-512 round macros: */
290
291 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
292 W512[j] = btoh64(*data++); \
293 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
294 K512[j] + W512[j]; \
295 (d) += T1, \
296 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
297 j++
298
299 #define ROUND512(a,b,c,d,e,f,g,h) \
300 s0 = W512[(j+1)&0x0f]; \
301 s0 = sigma0_512(s0); \
302 s1 = W512[(j+14)&0x0f]; \
303 s1 = sigma1_512(s1); \
304 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
305 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
306 (d) += T1; \
307 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
308 j++
309
310 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
311 sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
312 sha2_word64 T1, *W512 = (sha2_word64*)context->buffer;
313 int j;
314
315 /* Initialize registers with the prev. intermediate value */
316 a = context->state[0];
317 b = context->state[1];
318 c = context->state[2];
319 d = context->state[3];
320 e = context->state[4];
321 f = context->state[5];
322 g = context->state[6];
323 h = context->state[7];
324
325 j = 0;
326 do {
327 ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
328 ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
329 ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
330 ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
331 ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
332 ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
333 ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
334 ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
335 } while (j < 16);
336
337 /* Now for the remaining rounds up to 79: */
338 do {
339 ROUND512(a,b,c,d,e,f,g,h);
340 ROUND512(h,a,b,c,d,e,f,g);
341 ROUND512(g,h,a,b,c,d,e,f);
342 ROUND512(f,g,h,a,b,c,d,e);
343 ROUND512(e,f,g,h,a,b,c,d);
344 ROUND512(d,e,f,g,h,a,b,c);
345 ROUND512(c,d,e,f,g,h,a,b);
346 ROUND512(b,c,d,e,f,g,h,a);
347 } while (j < 80);
348
349 /* Compute the current intermediate hash value */
350 context->state[0] += a;
351 context->state[1] += b;
352 context->state[2] += c;
353 context->state[3] += d;
354 context->state[4] += e;
355 context->state[5] += f;
356 context->state[6] += g;
357 context->state[7] += h;
358
359 /* Clean up */
360 a = b = c = d = e = f = g = h = T1 = 0;
361 }
362
363 #else /* SHA2_UNROLL_TRANSFORM */
364
365 void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
366 sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
367 sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
368 int j;
369
370 /* Initialize registers with the prev. intermediate value */
371 a = context->state[0];
372 b = context->state[1];
373 c = context->state[2];
374 d = context->state[3];
375 e = context->state[4];
376 f = context->state[5];
377 g = context->state[6];
378 h = context->state[7];
379
380 j = 0;
381 do {
382 /* Convert TO host byte order */
383 W512[j] = btoh64(*data++);
384
385 /* Apply the SHA-512 compression function to update a..h */
386 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
387 T2 = Sigma0_512(a) + Maj(a, b, c);
388 h = g;
389 g = f;
390 f = e;
391 e = d + T1;
392 d = c;
393 c = b;
394 b = a;
395 a = T1 + T2;
396
397 j++;
398 } while (j < 16);
399
400 do {
401 /* Part of the message block expansion: */
402 s0 = W512[(j+1)&0x0f];
403 s0 = sigma0_512(s0);
404 s1 = W512[(j+14)&0x0f];
405 s1 = sigma1_512(s1);
406
407 /* Apply the SHA-512 compression function to update a..h */
408 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
409 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
410 T2 = Sigma0_512(a) + Maj(a, b, c);
411 h = g;
412 g = f;
413 f = e;
414 e = d + T1;
415 d = c;
416 c = b;
417 b = a;
418 a = T1 + T2;
419
420 j++;
421 } while (j < 80);
422
423 /* Compute the current intermediate hash value */
424 context->state[0] += a;
425 context->state[1] += b;
426 context->state[2] += c;
427 context->state[3] += d;
428 context->state[4] += e;
429 context->state[5] += f;
430 context->state[6] += g;
431 context->state[7] += h;
432
433 /* Clean up */
434 a = b = c = d = e = f = g = h = T1 = T2 = 0;
435 }
436
437 #endif /* SHA2_UNROLL_TRANSFORM */
438
439 void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
440 unsigned int freespace, usedspace;
441
442 if (len == 0) {
443 /* Calling with no data is valid - we do nothing */
444 return;
445 }
446
447 /* Sanity check: */
448 assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
449
450 usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
451 if (usedspace > 0) {
452 /* Calculate how much free space is available in the buffer */
453 freespace = SHA512_BLOCK_LENGTH - usedspace;
454
455 if (len >= freespace) {
456 /* Fill the buffer completely and process it */
457 MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
458 ADDINC128(context->bitcount, freespace << 3);
459 len -= freespace;
460 data += freespace;
461 SHA512_Transform(context, (sha2_word64*)context->buffer);
462 } else {
463 /* The buffer is not yet full */
464 MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
465 ADDINC128(context->bitcount, len << 3);
466 /* Clean up: */
467 usedspace = freespace = 0;
468 return;
469 }
470 }
471 while (len >= SHA512_BLOCK_LENGTH) {
472 /* Process as many complete blocks as we can */
473 SHA512_Transform(context, (sha2_word64*)data);
474 ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
475 len -= SHA512_BLOCK_LENGTH;
476 data += SHA512_BLOCK_LENGTH;
477 }
478 if (len > 0) {
479 /* There's left-overs, so save 'em */
480 MEMCPY_BCOPY(context->buffer, data, len);
481 ADDINC128(context->bitcount, len << 3);
482 }
483 /* Clean up: */
484 usedspace = freespace = 0;
485 }
486
487 void SHA512_Last(SHA512_CTX* context) {
488 unsigned int usedspace;
489
490 usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
491
492 /* Convert FROM host byte order */
493 context->bitcount[0] = htob64(context->bitcount[0]);
494 context->bitcount[1] = htob64(context->bitcount[1]);
495
496 /* Begin padding with a 1 bit: */
497 context->buffer[usedspace++] = 0x80;
498
499 if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
500
501 /* Set-up for the last transform: */
502 MEMSET_BZERO(&context->buffer[usedspace],
503 SHA512_SHORT_BLOCK_LENGTH - usedspace);
504 } else {
505 MEMSET_BZERO(&context->buffer[usedspace],
506 SHA512_BLOCK_LENGTH - usedspace);
507
508 /* Do second-to-last transform: */
509 SHA512_Transform(context, (sha2_word64*)context->buffer);
510
511 /* And set-up for the last transform: */
512 MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
513 }
514
515 /* Store the length of input data (in bits): */
516 *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] =
517 context->bitcount[1];
518 *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] =
519 context->bitcount[0];
520
521 /* Final transform: */
522 SHA512_Transform(context, (sha2_word64*)context->buffer);
523 }
524
525 void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
526 sha2_word64 *d = (sha2_word64*)digest;
527
528 /* Sanity check: */
529 assert(context != (SHA512_CTX*)0);
530
531 /* If no digest buffer is passed, we don't bother doing this: */
532 if (digest != (sha2_byte*)0) {
533 SHA512_Last(context);
534
535 /* Save the hash data for output: */
536 /* Convert FROM host byte order */
537 for (int j = 0; j < 8; j++) {
538 *d++ = htob64(context->state[j]);
539 }
540 }
541
542 /* Zero out state data */
543 MEMSET_BZERO(context, sizeof(context));
544 }
545
546
547 /*** SHA-384: *********************************************************/
548 void SHA384_Init(SHA384_CTX* context) {
549 if (context == (SHA384_CTX*)0) {
550 return;
551 }
552 MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
553 MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH);
554 context->bitcount[0] = context->bitcount[1] = 0;
555 }
556
557 void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
558 SHA512_Update((SHA512_CTX*)context, data, len);
559 }
560
561 void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
562 sha2_word64 *d = (sha2_word64*)digest;
563
564 /* Sanity check: */
565 assert(context != (SHA384_CTX*)0);
566
567 /* If no digest buffer is passed, we don't bother doing this: */
568 if (digest != (sha2_byte*)0) {
569 SHA512_Last((SHA512_CTX*)context);
570
571 /* Save the hash data for output */
572 for (int j = 0; j < 6; j++) {
573 *d++ = htob64(context->state[j]);
574 }
575 }
576
577 /* Zero out state data */
578 MEMSET_BZERO(context, sizeof(context));
579 }
580
581 void SHA384(const sha2_byte* data, size_t len,
582 char digest[SHA384_DIGEST_LENGTH]) {
583 SHA384_CTX context;
584
585 SHA384_Init(&context);
586 SHA384_Update(&context, data, len);
587 SHA384_Final(digest, &context);
588 }
589