2 * Copyright (C) 2005-2007, 2009, 2011, 2012 Internet Systems Consortium, Inc. ("ISC")
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
19 /* $FreeBSD: 258945 2013-12-04 21:33:17Z roberto $ */
20 /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
27 * Written by Aaron D. Gifford <me@aarongifford.com>
29 * Copyright 2000 Aaron D. Gifford. All rights reserved.
31 * Redistribution and use in source and binary forms, with or without
32 * modification, are permitted provided that the following conditions
34 * 1. Redistributions of source code must retain the above copyright
35 * notice, this list of conditions and the following disclaimer.
36 * 2. Redistributions in binary form must reproduce the above copyright
37 * notice, this list of conditions and the following disclaimer in the
38 * documentation and/or other materials provided with the distribution.
39 * 3. Neither the name of the copyright holder nor the names of contributors
40 * may be used to endorse or promote products derived from this software
41 * without specific prior written permission.
43 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
44 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
46 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
47 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
48 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
49 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
50 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
51 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
52 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
60 #include <isc/assertions.h>
61 #include <isc/platform.h>
63 #include <isc/string.h>
66 #ifdef ISC_PLATFORM_OPENSSLHASH
69 isc_sha224_init(isc_sha224_t *context) {
70 if (context == (isc_sha224_t *)0) {
73 EVP_DigestInit(context, EVP_sha224());
77 isc_sha224_invalidate(isc_sha224_t *context) {
78 EVP_MD_CTX_cleanup(context);
82 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
84 /* Calling with no data is valid - we do nothing */
89 REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0);
91 EVP_DigestUpdate(context, (const void *) data, len);
95 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
97 REQUIRE(context != (isc_sha224_t *)0);
99 /* If no digest buffer is passed, we don't bother doing this: */
100 if (digest != (isc_uint8_t*)0) {
101 EVP_DigestFinal(context, digest, NULL);
103 EVP_MD_CTX_cleanup(context);
108 isc_sha256_init(isc_sha256_t *context) {
109 if (context == (isc_sha256_t *)0) {
112 EVP_DigestInit(context, EVP_sha256());
116 isc_sha256_invalidate(isc_sha256_t *context) {
117 EVP_MD_CTX_cleanup(context);
121 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
123 /* Calling with no data is valid - we do nothing */
128 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
130 EVP_DigestUpdate(context, (const void *) data, len);
134 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
136 REQUIRE(context != (isc_sha256_t *)0);
138 /* If no digest buffer is passed, we don't bother doing this: */
139 if (digest != (isc_uint8_t*)0) {
140 EVP_DigestFinal(context, digest, NULL);
142 EVP_MD_CTX_cleanup(context);
147 isc_sha512_init(isc_sha512_t *context) {
148 if (context == (isc_sha512_t *)0) {
151 EVP_DigestInit(context, EVP_sha512());
155 isc_sha512_invalidate(isc_sha512_t *context) {
156 EVP_MD_CTX_cleanup(context);
159 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
161 /* Calling with no data is valid - we do nothing */
166 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
168 EVP_DigestUpdate(context, (const void *) data, len);
171 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
173 REQUIRE(context != (isc_sha512_t *)0);
175 /* If no digest buffer is passed, we don't bother doing this: */
176 if (digest != (isc_uint8_t*)0) {
177 EVP_DigestFinal(context, digest, NULL);
179 EVP_MD_CTX_cleanup(context);
184 isc_sha384_init(isc_sha384_t *context) {
185 if (context == (isc_sha384_t *)0) {
188 EVP_DigestInit(context, EVP_sha384());
192 isc_sha384_invalidate(isc_sha384_t *context) {
193 EVP_MD_CTX_cleanup(context);
197 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
199 /* Calling with no data is valid - we do nothing */
204 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
206 EVP_DigestUpdate(context, (const void *) data, len);
210 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
212 REQUIRE(context != (isc_sha384_t *)0);
214 /* If no digest buffer is passed, we don't bother doing this: */
215 if (digest != (isc_uint8_t*)0) {
216 EVP_DigestFinal(context, digest, NULL);
218 EVP_MD_CTX_cleanup(context);
225 * UNROLLED TRANSFORM LOOP NOTE:
226 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
227 * loop version for the hash transform rounds (defined using macros
228 * later in this file). Either define on the command line, for example:
230 * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
234 * \#define ISC_SHA2_UNROLL_TRANSFORM
238 /*** SHA-256/384/512 Machine Architecture Definitions *****************/
242 * Please make sure that your system defines BYTE_ORDER. If your
243 * architecture is little-endian, make sure it also defines
244 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
247 * If your system does not define the above, then you can do so by
250 * \#define LITTLE_ENDIAN 1234
251 * \#define BIG_ENDIAN 4321
253 * And for little-endian machines, add:
255 * \#define BYTE_ORDER LITTLE_ENDIAN
257 * Or for big-endian machines:
259 * \#define BYTE_ORDER BIG_ENDIAN
261 * The FreeBSD machine this was written on defines BYTE_ORDER
262 * appropriately by including <sys/types.h> (which in turn includes
263 * <machine/endian.h> where the appropriate definitions are actually
266 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
269 #define BIG_ENDIAN 4321
271 #ifndef LITTLE_ENDIAN
272 #define LITTLE_ENDIAN 1234
274 #ifdef WORDS_BIGENDIAN
275 #define BYTE_ORDER BIG_ENDIAN
277 #define BYTE_ORDER LITTLE_ENDIAN
280 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
284 /*** SHA-256/384/512 Various Length Definitions ***********************/
285 /* NOTE: Most of these are in sha2.h */
286 #define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8)
287 #define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16)
288 #define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16)
291 /*** ENDIAN REVERSAL MACROS *******************************************/
292 #if BYTE_ORDER == LITTLE_ENDIAN
293 #define REVERSE32(w,x) { \
294 isc_uint32_t tmp = (w); \
295 tmp = (tmp >> 16) | (tmp << 16); \
296 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
299 #define REVERSE64(w,x) { \
300 isc_uint64_t tmp = (w); \
301 tmp = (tmp >> 32) | (tmp << 32); \
302 tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \
303 ((tmp & 0x00ff00ff00ff00ffUL) << 8); \
304 (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \
305 ((tmp & 0x0000ffff0000ffffUL) << 16); \
308 #define REVERSE64(w,x) { \
309 isc_uint64_t tmp = (w); \
310 tmp = (tmp >> 32) | (tmp << 32); \
311 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
312 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
313 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
314 ((tmp & 0x0000ffff0000ffffULL) << 16); \
317 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
320 * Macro for incrementally adding the unsigned 64-bit integer n to the
321 * unsigned 128-bit integer (represented using a two-element array of
324 #define ADDINC128(w,n) { \
325 (w)[0] += (isc_uint64_t)(n); \
326 if ((w)[0] < (n)) { \
331 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
333 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
335 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
336 * S is a ROTATION) because the SHA-256/384/512 description document
337 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
338 * same "backwards" definition.
340 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
341 #define R(b,x) ((x) >> (b))
342 /* 32-bit Rotate-right (used in SHA-256): */
343 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
344 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
345 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
347 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
348 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
349 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
351 /* Four of six logical functions used in SHA-256: */
352 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
353 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
354 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
355 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
357 /* Four of six logical functions used in SHA-384 and SHA-512: */
358 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
359 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
360 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
361 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
363 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
364 /* NOTE: These should not be accessed directly from outside this
365 * library -- they are intended for private internal visibility/use
368 void isc_sha512_last(isc_sha512_t *);
369 void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*);
370 void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*);
373 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
374 /* Hash constant words K for SHA-224 and SHA-256: */
375 static const isc_uint32_t K256[64] = {
376 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
377 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
378 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
379 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
380 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
381 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
382 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
383 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
384 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
385 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
386 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
387 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
388 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
389 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
390 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
391 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
394 /* Initial hash value H for SHA-224: */
395 static const isc_uint32_t sha224_initial_hash_value[8] = {
406 /* Initial hash value H for SHA-256: */
407 static const isc_uint32_t sha256_initial_hash_value[8] = {
419 /* Hash constant words K for SHA-384 and SHA-512: */
420 static const isc_uint64_t K512[80] = {
421 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
422 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
423 0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
424 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL,
425 0xd807aa98a3030242UL, 0x12835b0145706fbeUL,
426 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL,
427 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL,
428 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL,
429 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL,
430 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL,
431 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL,
432 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL,
433 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL,
434 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL,
435 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL,
436 0x06ca6351e003826fUL, 0x142929670a0e6e70UL,
437 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL,
438 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL,
439 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL,
440 0x81c2c92e47edaee6UL, 0x92722c851482353bUL,
441 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL,
442 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL,
443 0xd192e819d6ef5218UL, 0xd69906245565a910UL,
444 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL,
445 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL,
446 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL,
447 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL,
448 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL,
449 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL,
450 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL,
451 0x90befffa23631e28UL, 0xa4506cebde82bde9UL,
452 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL,
453 0xca273eceea26619cUL, 0xd186b8c721c0c207UL,
454 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL,
455 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL,
456 0x113f9804bef90daeUL, 0x1b710b35131c471bUL,
457 0x28db77f523047d84UL, 0x32caab7b40c72493UL,
458 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL,
459 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL,
460 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL
463 /* Initial hash value H for SHA-384: */
464 static const isc_uint64_t sha384_initial_hash_value[8] = {
465 0xcbbb9d5dc1059ed8UL,
466 0x629a292a367cd507UL,
467 0x9159015a3070dd17UL,
468 0x152fecd8f70e5939UL,
469 0x67332667ffc00b31UL,
470 0x8eb44a8768581511UL,
471 0xdb0c2e0d64f98fa7UL,
475 /* Initial hash value H for SHA-512: */
476 static const isc_uint64_t sha512_initial_hash_value[8] = {
478 0xbb67ae8584caa73bUL,
479 0x3c6ef372fe94f82bUL,
480 0xa54ff53a5f1d36f1UL,
481 0x510e527fade682d1UL,
482 0x9b05688c2b3e6c1fUL,
483 0x1f83d9abfb41bd6bUL,
487 /* Hash constant words K for SHA-384 and SHA-512: */
488 static const isc_uint64_t K512[80] = {
489 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
490 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
491 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
492 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
493 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
494 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
495 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
496 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
497 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
498 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
499 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
500 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
501 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
502 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
503 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
504 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
505 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
506 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
507 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
508 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
509 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
510 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
511 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
512 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
513 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
514 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
515 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
516 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
517 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
518 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
519 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
520 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
521 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
522 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
523 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
524 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
525 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
526 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
527 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
528 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
531 /* Initial hash value H for SHA-384: */
532 static const isc_uint64_t sha384_initial_hash_value[8] = {
533 0xcbbb9d5dc1059ed8ULL,
534 0x629a292a367cd507ULL,
535 0x9159015a3070dd17ULL,
536 0x152fecd8f70e5939ULL,
537 0x67332667ffc00b31ULL,
538 0x8eb44a8768581511ULL,
539 0xdb0c2e0d64f98fa7ULL,
540 0x47b5481dbefa4fa4ULL
543 /* Initial hash value H for SHA-512: */
544 static const isc_uint64_t sha512_initial_hash_value[8] = {
545 0x6a09e667f3bcc908ULL,
546 0xbb67ae8584caa73bULL,
547 0x3c6ef372fe94f82bULL,
548 0xa54ff53a5f1d36f1ULL,
549 0x510e527fade682d1ULL,
550 0x9b05688c2b3e6c1fULL,
551 0x1f83d9abfb41bd6bULL,
552 0x5be0cd19137e2179ULL
557 /*** SHA-224: *********************************************************/
559 isc_sha224_init(isc_sha224_t *context) {
560 if (context == (isc_sha256_t *)0) {
563 memcpy(context->state, sha224_initial_hash_value,
564 ISC_SHA256_DIGESTLENGTH);
565 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
566 context->bitcount = 0;
570 isc_sha224_invalidate(isc_sha224_t *context) {
571 memset(context, 0, sizeof(isc_sha224_t));
575 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
576 isc_sha256_update((isc_sha256_t *)context, data, len);
580 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
581 isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH];
582 isc_sha256_final(sha256_digest, (isc_sha256_t *)context);
583 memcpy(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);
584 memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH);
587 /*** SHA-256: *********************************************************/
589 isc_sha256_init(isc_sha256_t *context) {
590 if (context == (isc_sha256_t *)0) {
593 memcpy(context->state, sha256_initial_hash_value,
594 ISC_SHA256_DIGESTLENGTH);
595 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
596 context->bitcount = 0;
600 isc_sha256_invalidate(isc_sha256_t *context) {
601 memset(context, 0, sizeof(isc_sha256_t));
604 #ifdef ISC_SHA2_UNROLL_TRANSFORM
606 /* Unrolled SHA-256 round macros: */
608 #if BYTE_ORDER == LITTLE_ENDIAN
610 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
611 REVERSE32(*data++, W256[j]); \
612 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
615 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
619 #else /* BYTE_ORDER == LITTLE_ENDIAN */
621 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
622 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
623 K256[j] + (W256[j] = *data++); \
625 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
628 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
630 #define ROUND256(a,b,c,d,e,f,g,h) \
631 s0 = W256[(j+1)&0x0f]; \
632 s0 = sigma0_256(s0); \
633 s1 = W256[(j+14)&0x0f]; \
634 s1 = sigma1_256(s1); \
635 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
636 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
638 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
641 void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
642 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
643 isc_uint32_t T1, *W256;
646 W256 = (isc_uint32_t*)context->buffer;
648 /* Initialize registers with the prev. intermediate value */
649 a = context->state[0];
650 b = context->state[1];
651 c = context->state[2];
652 d = context->state[3];
653 e = context->state[4];
654 f = context->state[5];
655 g = context->state[6];
656 h = context->state[7];
660 /* Rounds 0 to 15 (unrolled): */
661 ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
662 ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
663 ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
664 ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
665 ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
666 ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
667 ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
668 ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
671 /* Now for the remaining rounds to 64: */
673 ROUND256(a,b,c,d,e,f,g,h);
674 ROUND256(h,a,b,c,d,e,f,g);
675 ROUND256(g,h,a,b,c,d,e,f);
676 ROUND256(f,g,h,a,b,c,d,e);
677 ROUND256(e,f,g,h,a,b,c,d);
678 ROUND256(d,e,f,g,h,a,b,c);
679 ROUND256(c,d,e,f,g,h,a,b);
680 ROUND256(b,c,d,e,f,g,h,a);
683 /* Compute the current intermediate hash value */
684 context->state[0] += a;
685 context->state[1] += b;
686 context->state[2] += c;
687 context->state[3] += d;
688 context->state[4] += e;
689 context->state[5] += f;
690 context->state[6] += g;
691 context->state[7] += h;
694 a = b = c = d = e = f = g = h = T1 = 0;
695 /* Avoid compiler warnings */
696 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f);
697 POST(g); POST(h); POST(T1);
700 #else /* ISC_SHA2_UNROLL_TRANSFORM */
703 isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
704 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
705 isc_uint32_t T1, T2, *W256;
708 W256 = (isc_uint32_t*)context->buffer;
710 /* Initialize registers with the prev. intermediate value */
711 a = context->state[0];
712 b = context->state[1];
713 c = context->state[2];
714 d = context->state[3];
715 e = context->state[4];
716 f = context->state[5];
717 g = context->state[6];
718 h = context->state[7];
722 #if BYTE_ORDER == LITTLE_ENDIAN
723 /* Copy data while converting to host byte order */
724 REVERSE32(*data++,W256[j]);
725 /* Apply the SHA-256 compression function to update a..h */
726 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
727 #else /* BYTE_ORDER == LITTLE_ENDIAN */
728 /* Apply the SHA-256 compression function to update a..h with copy */
729 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
730 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
731 T2 = Sigma0_256(a) + Maj(a, b, c);
745 /* Part of the message block expansion: */
746 s0 = W256[(j+1)&0x0f];
748 s1 = W256[(j+14)&0x0f];
751 /* Apply the SHA-256 compression function to update a..h */
752 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
753 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
754 T2 = Sigma0_256(a) + Maj(a, b, c);
767 /* Compute the current intermediate hash value */
768 context->state[0] += a;
769 context->state[1] += b;
770 context->state[2] += c;
771 context->state[3] += d;
772 context->state[4] += e;
773 context->state[5] += f;
774 context->state[6] += g;
775 context->state[7] += h;
778 a = b = c = d = e = f = g = h = T1 = T2 = 0;
779 /* Avoid compiler warnings */
780 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f);
781 POST(g); POST(h); POST(T1); POST(T2);
784 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
787 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
788 unsigned int freespace, usedspace;
791 /* Calling with no data is valid - we do nothing */
796 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
798 usedspace = (unsigned int)((context->bitcount >> 3) %
799 ISC_SHA256_BLOCK_LENGTH);
801 /* Calculate how much free space is available in the buffer */
802 freespace = ISC_SHA256_BLOCK_LENGTH - usedspace;
804 if (len >= freespace) {
805 /* Fill the buffer completely and process it */
806 memcpy(&context->buffer[usedspace], data, freespace);
807 context->bitcount += freespace << 3;
810 isc_sha256_transform(context,
811 (isc_uint32_t*)context->buffer);
813 /* The buffer is not yet full */
814 memcpy(&context->buffer[usedspace], data, len);
815 context->bitcount += len << 3;
817 usedspace = freespace = 0;
818 /* Avoid compiler warnings: */
819 POST(usedspace); POST(freespace);
823 while (len >= ISC_SHA256_BLOCK_LENGTH) {
824 /* Process as many complete blocks as we can */
825 memcpy(context->buffer, data, ISC_SHA256_BLOCK_LENGTH);
826 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
827 context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3;
828 len -= ISC_SHA256_BLOCK_LENGTH;
829 data += ISC_SHA256_BLOCK_LENGTH;
832 /* There's left-overs, so save 'em */
833 memcpy(context->buffer, data, len);
834 context->bitcount += len << 3;
837 usedspace = freespace = 0;
838 /* Avoid compiler warnings: */
839 POST(usedspace); POST(freespace);
843 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
844 isc_uint32_t *d = (isc_uint32_t*)digest;
845 unsigned int usedspace;
848 REQUIRE(context != (isc_sha256_t *)0);
850 /* If no digest buffer is passed, we don't bother doing this: */
851 if (digest != (isc_uint8_t*)0) {
852 usedspace = (unsigned int)((context->bitcount >> 3) %
853 ISC_SHA256_BLOCK_LENGTH);
854 #if BYTE_ORDER == LITTLE_ENDIAN
855 /* Convert FROM host byte order */
856 REVERSE64(context->bitcount,context->bitcount);
859 /* Begin padding with a 1 bit: */
860 context->buffer[usedspace++] = 0x80;
862 if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) {
863 /* Set-up for the last transform: */
864 memset(&context->buffer[usedspace], 0,
865 ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace);
867 if (usedspace < ISC_SHA256_BLOCK_LENGTH) {
868 memset(&context->buffer[usedspace], 0,
869 ISC_SHA256_BLOCK_LENGTH -
872 /* Do second-to-last transform: */
873 isc_sha256_transform(context,
874 (isc_uint32_t*)context->buffer);
876 /* And set-up for the last transform: */
877 memset(context->buffer, 0,
878 ISC_SHA256_SHORT_BLOCK_LENGTH);
881 /* Set-up for the last transform: */
882 memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH);
884 /* Begin padding with a 1 bit: */
885 *context->buffer = 0x80;
887 /* Set the bit count: */
888 *(isc_uint64_t*)&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
890 /* Final transform: */
891 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
893 #if BYTE_ORDER == LITTLE_ENDIAN
895 /* Convert TO host byte order */
897 for (j = 0; j < 8; j++) {
898 REVERSE32(context->state[j],context->state[j]);
899 *d++ = context->state[j];
903 memcpy(d, context->state, ISC_SHA256_DIGESTLENGTH);
907 /* Clean up state data: */
908 memset(context, 0, sizeof(*context));
913 /*** SHA-512: *********************************************************/
915 isc_sha512_init(isc_sha512_t *context) {
916 if (context == (isc_sha512_t *)0) {
919 memcpy(context->state, sha512_initial_hash_value,
920 ISC_SHA512_DIGESTLENGTH);
921 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH);
922 context->bitcount[0] = context->bitcount[1] = 0;
926 isc_sha512_invalidate(isc_sha512_t *context) {
927 memset(context, 0, sizeof(isc_sha512_t));
930 #ifdef ISC_SHA2_UNROLL_TRANSFORM
932 /* Unrolled SHA-512 round macros: */
933 #if BYTE_ORDER == LITTLE_ENDIAN
935 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
936 REVERSE64(*data++, W512[j]); \
937 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
940 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
944 #else /* BYTE_ORDER == LITTLE_ENDIAN */
946 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
947 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
948 K512[j] + (W512[j] = *data++); \
950 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
953 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
955 #define ROUND512(a,b,c,d,e,f,g,h) \
956 s0 = W512[(j+1)&0x0f]; \
957 s0 = sigma0_512(s0); \
958 s1 = W512[(j+14)&0x0f]; \
959 s1 = sigma1_512(s1); \
960 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
961 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
963 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
966 void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
967 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
968 isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer;
971 /* Initialize registers with the prev. intermediate value */
972 a = context->state[0];
973 b = context->state[1];
974 c = context->state[2];
975 d = context->state[3];
976 e = context->state[4];
977 f = context->state[5];
978 g = context->state[6];
979 h = context->state[7];
983 ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
984 ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
985 ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
986 ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
987 ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
988 ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
989 ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
990 ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
993 /* Now for the remaining rounds up to 79: */
995 ROUND512(a,b,c,d,e,f,g,h);
996 ROUND512(h,a,b,c,d,e,f,g);
997 ROUND512(g,h,a,b,c,d,e,f);
998 ROUND512(f,g,h,a,b,c,d,e);
999 ROUND512(e,f,g,h,a,b,c,d);
1000 ROUND512(d,e,f,g,h,a,b,c);
1001 ROUND512(c,d,e,f,g,h,a,b);
1002 ROUND512(b,c,d,e,f,g,h,a);
1005 /* Compute the current intermediate hash value */
1006 context->state[0] += a;
1007 context->state[1] += b;
1008 context->state[2] += c;
1009 context->state[3] += d;
1010 context->state[4] += e;
1011 context->state[5] += f;
1012 context->state[6] += g;
1013 context->state[7] += h;
1016 a = b = c = d = e = f = g = h = T1 = 0;
1017 /* Avoid compiler warnings */
1018 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f);
1019 POST(g); POST(h); POST(T1);
1022 #else /* ISC_SHA2_UNROLL_TRANSFORM */
1025 isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
1026 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
1027 isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer;
1030 /* Initialize registers with the prev. intermediate value */
1031 a = context->state[0];
1032 b = context->state[1];
1033 c = context->state[2];
1034 d = context->state[3];
1035 e = context->state[4];
1036 f = context->state[5];
1037 g = context->state[6];
1038 h = context->state[7];
1042 #if BYTE_ORDER == LITTLE_ENDIAN
1043 /* Convert TO host byte order */
1044 REVERSE64(*data++, W512[j]);
1045 /* Apply the SHA-512 compression function to update a..h */
1046 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
1047 #else /* BYTE_ORDER == LITTLE_ENDIAN */
1048 /* Apply the SHA-512 compression function to update a..h with copy */
1049 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
1050 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
1051 T2 = Sigma0_512(a) + Maj(a, b, c);
1065 /* Part of the message block expansion: */
1066 s0 = W512[(j+1)&0x0f];
1067 s0 = sigma0_512(s0);
1068 s1 = W512[(j+14)&0x0f];
1069 s1 = sigma1_512(s1);
1071 /* Apply the SHA-512 compression function to update a..h */
1072 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
1073 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
1074 T2 = Sigma0_512(a) + Maj(a, b, c);
1087 /* Compute the current intermediate hash value */
1088 context->state[0] += a;
1089 context->state[1] += b;
1090 context->state[2] += c;
1091 context->state[3] += d;
1092 context->state[4] += e;
1093 context->state[5] += f;
1094 context->state[6] += g;
1095 context->state[7] += h;
1098 a = b = c = d = e = f = g = h = T1 = T2 = 0;
1099 /* Avoid compiler warnings */
1100 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f);
1101 POST(g); POST(h); POST(T1); POST(T2);
1104 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
1106 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
1107 unsigned int freespace, usedspace;
1110 /* Calling with no data is valid - we do nothing */
1115 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
1117 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1118 ISC_SHA512_BLOCK_LENGTH);
1119 if (usedspace > 0) {
1120 /* Calculate how much free space is available in the buffer */
1121 freespace = ISC_SHA512_BLOCK_LENGTH - usedspace;
1123 if (len >= freespace) {
1124 /* Fill the buffer completely and process it */
1125 memcpy(&context->buffer[usedspace], data, freespace);
1126 ADDINC128(context->bitcount, freespace << 3);
1129 isc_sha512_transform(context,
1130 (isc_uint64_t*)context->buffer);
1132 /* The buffer is not yet full */
1133 memcpy(&context->buffer[usedspace], data, len);
1134 ADDINC128(context->bitcount, len << 3);
1136 usedspace = freespace = 0;
1137 /* Avoid compiler warnings: */
1138 POST(usedspace); POST(freespace);
1142 while (len >= ISC_SHA512_BLOCK_LENGTH) {
1143 /* Process as many complete blocks as we can */
1144 memcpy(context->buffer, data, ISC_SHA512_BLOCK_LENGTH);
1145 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1146 ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3);
1147 len -= ISC_SHA512_BLOCK_LENGTH;
1148 data += ISC_SHA512_BLOCK_LENGTH;
1151 /* There's left-overs, so save 'em */
1152 memcpy(context->buffer, data, len);
1153 ADDINC128(context->bitcount, len << 3);
1156 usedspace = freespace = 0;
1157 /* Avoid compiler warnings: */
1158 POST(usedspace); POST(freespace);
1161 void isc_sha512_last(isc_sha512_t *context) {
1162 unsigned int usedspace;
1164 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1165 ISC_SHA512_BLOCK_LENGTH);
1166 #if BYTE_ORDER == LITTLE_ENDIAN
1167 /* Convert FROM host byte order */
1168 REVERSE64(context->bitcount[0],context->bitcount[0]);
1169 REVERSE64(context->bitcount[1],context->bitcount[1]);
1171 if (usedspace > 0) {
1172 /* Begin padding with a 1 bit: */
1173 context->buffer[usedspace++] = 0x80;
1175 if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) {
1176 /* Set-up for the last transform: */
1177 memset(&context->buffer[usedspace], 0,
1178 ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace);
1180 if (usedspace < ISC_SHA512_BLOCK_LENGTH) {
1181 memset(&context->buffer[usedspace], 0,
1182 ISC_SHA512_BLOCK_LENGTH - usedspace);
1184 /* Do second-to-last transform: */
1185 isc_sha512_transform(context,
1186 (isc_uint64_t*)context->buffer);
1188 /* And set-up for the last transform: */
1189 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2);
1192 /* Prepare for final transform: */
1193 memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH);
1195 /* Begin padding with a 1 bit: */
1196 *context->buffer = 0x80;
1198 /* Store the length of input data (in bits): */
1199 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
1200 *(isc_uint64_t*)&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
1202 /* Final transform: */
1203 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1206 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
1207 isc_uint64_t *d = (isc_uint64_t*)digest;
1210 REQUIRE(context != (isc_sha512_t *)0);
1212 /* If no digest buffer is passed, we don't bother doing this: */
1213 if (digest != (isc_uint8_t*)0) {
1214 isc_sha512_last(context);
1216 /* Save the hash data for output: */
1217 #if BYTE_ORDER == LITTLE_ENDIAN
1219 /* Convert TO host byte order */
1221 for (j = 0; j < 8; j++) {
1222 REVERSE64(context->state[j],context->state[j]);
1223 *d++ = context->state[j];
1227 memcpy(d, context->state, ISC_SHA512_DIGESTLENGTH);
1231 /* Zero out state data */
1232 memset(context, 0, sizeof(*context));
1236 /*** SHA-384: *********************************************************/
1238 isc_sha384_init(isc_sha384_t *context) {
1239 if (context == (isc_sha384_t *)0) {
1242 memcpy(context->state, sha384_initial_hash_value,
1243 ISC_SHA512_DIGESTLENGTH);
1244 memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH);
1245 context->bitcount[0] = context->bitcount[1] = 0;
1249 isc_sha384_invalidate(isc_sha384_t *context) {
1250 memset(context, 0, sizeof(isc_sha384_t));
1254 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
1255 isc_sha512_update((isc_sha512_t *)context, data, len);
1259 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
1260 isc_uint64_t *d = (isc_uint64_t*)digest;
1263 REQUIRE(context != (isc_sha384_t *)0);
1265 /* If no digest buffer is passed, we don't bother doing this: */
1266 if (digest != (isc_uint8_t*)0) {
1267 isc_sha512_last((isc_sha512_t *)context);
1269 /* Save the hash data for output: */
1270 #if BYTE_ORDER == LITTLE_ENDIAN
1272 /* Convert TO host byte order */
1274 for (j = 0; j < 6; j++) {
1275 REVERSE64(context->state[j],context->state[j]);
1276 *d++ = context->state[j];
1280 memcpy(d, context->state, ISC_SHA384_DIGESTLENGTH);
1284 /* Zero out state data */
1285 memset(context, 0, sizeof(*context));
1287 #endif /* !ISC_PLATFORM_OPENSSLHASH */
1290 * Constant used by SHA256/384/512_End() functions for converting the
1291 * digest to a readable hexadecimal character string:
1293 static const char *sha2_hex_digits = "0123456789abcdef";
1296 isc_sha224_end(isc_sha224_t *context, char buffer[]) {
1297 isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest;
1301 REQUIRE(context != (isc_sha224_t *)0);
1303 if (buffer != (char*)0) {
1304 isc_sha224_final(digest, context);
1306 for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
1307 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1308 *buffer++ = sha2_hex_digits[*d & 0x0f];
1313 #ifdef ISC_PLATFORM_OPENSSLHASH
1314 EVP_MD_CTX_cleanup(context);
1316 memset(context, 0, sizeof(*context));
1319 memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
1324 isc_sha224_data(const isc_uint8_t *data, size_t len,
1325 char digest[ISC_SHA224_DIGESTSTRINGLENGTH])
1327 isc_sha224_t context;
1329 isc_sha224_init(&context);
1330 isc_sha224_update(&context, data, len);
1331 return (isc_sha224_end(&context, digest));
1335 isc_sha256_end(isc_sha256_t *context, char buffer[]) {
1336 isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest;
1340 REQUIRE(context != (isc_sha256_t *)0);
1342 if (buffer != (char*)0) {
1343 isc_sha256_final(digest, context);
1345 for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
1346 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1347 *buffer++ = sha2_hex_digits[*d & 0x0f];
1352 #ifdef ISC_PLATFORM_OPENSSLHASH
1353 EVP_MD_CTX_cleanup(context);
1355 memset(context, 0, sizeof(*context));
1358 memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
1363 isc_sha256_data(const isc_uint8_t* data, size_t len,
1364 char digest[ISC_SHA256_DIGESTSTRINGLENGTH])
1366 isc_sha256_t context;
1368 isc_sha256_init(&context);
1369 isc_sha256_update(&context, data, len);
1370 return (isc_sha256_end(&context, digest));
1374 isc_sha512_end(isc_sha512_t *context, char buffer[]) {
1375 isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest;
1379 REQUIRE(context != (isc_sha512_t *)0);
1381 if (buffer != (char*)0) {
1382 isc_sha512_final(digest, context);
1384 for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
1385 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1386 *buffer++ = sha2_hex_digits[*d & 0x0f];
1391 #ifdef ISC_PLATFORM_OPENSSLHASH
1392 EVP_MD_CTX_cleanup(context);
1394 memset(context, 0, sizeof(*context));
1397 memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
1402 isc_sha512_data(const isc_uint8_t *data, size_t len,
1403 char digest[ISC_SHA512_DIGESTSTRINGLENGTH])
1405 isc_sha512_t context;
1407 isc_sha512_init(&context);
1408 isc_sha512_update(&context, data, len);
1409 return (isc_sha512_end(&context, digest));
1413 isc_sha384_end(isc_sha384_t *context, char buffer[]) {
1414 isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest;
1418 REQUIRE(context != (isc_sha384_t *)0);
1420 if (buffer != (char*)0) {
1421 isc_sha384_final(digest, context);
1423 for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) {
1424 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1425 *buffer++ = sha2_hex_digits[*d & 0x0f];
1430 #ifdef ISC_PLATFORM_OPENSSLHASH
1431 EVP_MD_CTX_cleanup(context);
1433 memset(context, 0, sizeof(*context));
1436 memset(digest, 0, ISC_SHA384_DIGESTLENGTH);
1441 isc_sha384_data(const isc_uint8_t *data, size_t len,
1442 char digest[ISC_SHA384_DIGESTSTRINGLENGTH])
1444 isc_sha384_t context;
1446 isc_sha384_init(&context);
1447 isc_sha384_update(&context, data, len);
1448 return (isc_sha384_end(&context, digest));