Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Normal
Revision Log

source: trunk/minix/drivers/random/sha2.c@ 19

Last change on this file since 19 was 9, checked in by Mattia Monga, 14 years ago
Minix 3.1.2a
File size: 31.8 KB

Rev	Line
[9]	1	/* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
	2	/* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
	3
	4	/*
	5	* sha2.c
	6	*
	7	* Version 1.0.0beta1
	8	*
	9	* Written by Aaron D. Gifford <me@aarongifford.com>
	10	*
	11	* Copyright 2000 Aaron D. Gifford. All rights reserved.
	12	*
	13	* Redistribution and use in source and binary forms, with or without
	14	* modification, are permitted provided that the following conditions
	15	* are met:
	16	* 1. Redistributions of source code must retain the above copyright
	17	* notice, this list of conditions and the following disclaimer.
	18	* 2. Redistributions in binary form must reproduce the above copyright
	19	* notice, this list of conditions and the following disclaimer in the
	20	* documentation and/or other materials provided with the distribution.
	21	* 3. Neither the name of the copyright holder nor the names of contributors
	22	* may be used to endorse or promote products derived from this software
	23	* without specific prior written permission.
	24	*
	25	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
	26	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	27	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	28	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
	29	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	30	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	31	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	32	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	33	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	34	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	35	* SUCH DAMAGE.
	36	*
	37	*/
	38
	39	#include <sys/types.h>
	40	/* #include <sys/time.h> */
	41	/* #include <sys/systm.h> */
	42	/* #include <machine/endian.h> */
	43	#include "sha2.h"
	44
	45	/*
	46	* ASSERT NOTE:
	47	* Some sanity checking code is included using assert(). On my FreeBSD
	48	* system, this additional code can be removed by compiling with NDEBUG
	49	* defined. Check your own systems manpage on assert() to see how to
	50	* compile WITHOUT the sanity checking code on your system.
	51	*
	52	* UNROLLED TRANSFORM LOOP NOTE:
	53	* You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
	54	* loop version for the hash transform rounds (defined using macros
	55	* later in this file). Either define on the command line, for example:
	56	*
	57	* cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
	58	*
	59	* or define below:
	60	*
	61	* #define SHA2_UNROLL_TRANSFORM
	62	*
	63	*/
	64
	65	#if defined(__bsdi__) \|\| defined(__FreeBSD__)
	66	#define assert(x)
	67	#endif
	68
	69	/* SHA-256/384/512 Machine Architecture Definitions ***************/
	70	/*
	71	* SHA2_BYTE_ORDER NOTE:
	72	*
	73	* Please make sure that your system defines SHA2_BYTE_ORDER. If your
	74	* architecture is little-endian, make sure it also defines
	75	* SHA2_LITTLE_ENDIAN and that the two (SHA2_BYTE_ORDER and SHA2_LITTLE_ENDIAN) are
	76	* equivilent.
	77	*
	78	* If your system does not define the above, then you can do so by
	79	* hand like this:
	80	*
	81	* #define SHA2_LITTLE_ENDIAN 1234
	82	* #define SHA2_BIG_ENDIAN 4321
	83	*
	84	* And for little-endian machines, add:
	85	*
	86	* #define SHA2_BYTE_ORDER SHA2_LITTLE_ENDIAN
	87	*
	88	* Or for big-endian machines:
	89	*
	90	* #define SHA2_BYTE_ORDER SHA2_BIG_ENDIAN
	91	*
	92	* The FreeBSD machine this was written on defines BYTE_ORDER
	93	* appropriately by including <sys/types.h> (which in turn includes
	94	* <machine/endian.h> where the appropriate definitions are actually
	95	* made).
	96	*/
	97	#if !defined(SHA2_BYTE_ORDER) \|\| (SHA2_BYTE_ORDER != SHA2_LITTLE_ENDIAN && SHA2_BYTE_ORDER != SHA2_BIG_ENDIAN)
	98	#error Define SHA2_BYTE_ORDER to be equal to either SHA2_LITTLE_ENDIAN or SHA2_BIG_ENDIAN
	99	#endif
	100
	101	/*
	102	* Define the followingsha2_* types to types of the correct length on
	103	* the native archtecture. Most BSD systems and Linux define u_intXX_t
	104	* types. Machines with very recent ANSI C headers, can use the
	105	* uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
	106	* during compile or in the sha.h header file.
	107	*
	108	* Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
	109	* will need to define these three typedefs below (and the appropriate
	110	* ones in sha.h too) by hand according to their system architecture.
	111	*
	112	* Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
	113	* types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
	114	*/
	115	#if 0 /def SHA2_USE_INTTYPES_H/
	116
	117	typedef uint8_t sha2_byte; /* Exactly 1 byte */
	118	typedef uint32_t sha2_word32; /* Exactly 4 bytes */
	119	typedef uint64_t sha2_word64; /* Exactly 8 bytes */
	120
	121	#else /* SHA2_USE_INTTYPES_H */
	122
	123	typedef u_int8_t sha2_byte; /* Exactly 1 byte */
	124	typedef u_int32_t sha2_word32; /* Exactly 4 bytes */
	125	typedef u_int64_t sha2_word64; /* Exactly 8 bytes */
	126
	127	#endif /* SHA2_USE_INTTYPES_H */
	128
	129	/* SHA-256/384/512 Various Length Definitions *********************/
	130	/* NOTE: Most of these are in sha2.h */
	131	#define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
	132	#define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
	133	#define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
	134
	135	/* ENDIAN REVERSAL MACROS *****************************************/
	136	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	137	#define REVERSE32(w,x) { \
	138	sha2_word32 tmp = (w); \
	139	tmp = (tmp >> 16) \| (tmp << 16); \
	140	(x) = ((tmp & 0xff00ff00UL) >> 8) \| ((tmp & 0x00ff00ffUL) << 8); \
	141	}
	142	#define REVERSE64(w,x) { \
	143	sha2_word64 tmp = (w); \
	144	tmp = (tmp >> 32) \| (tmp << 32); \
	145	tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) \| \
	146	((tmp & 0x00ff00ff00ff00ffULL) << 8); \
	147	(x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) \| \
	148	((tmp & 0x0000ffff0000ffffULL) << 16); \
	149	}
	150	#if MINIX_64BIT
	151	#undef REVERSE64
	152	#define REVERSE64(w,x) { \
	153	u32_t hi, lo; \
	154	REVERSE32(ex64hi((w)), lo); \
	155	REVERSE32(ex64lo((w)), hi); \
	156	(x) = make64(lo, hi); \
	157	}
	158	#endif /* MINIX_64BIT */
	159	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
	160
	161	/*
	162	* Macro for incrementally adding the unsigned 64-bit integer n to the
	163	* unsigned 128-bit integer (represented using a two-element array of
	164	* 64-bit words):
	165	*/
	166	#define ADDINC128(w,n) { \
	167	(w)[0] += (sha2_word64)(n); \
	168	if ((w)[0] < (n)) { \
	169	(w)[1]++; \
	170	} \
	171	}
	172
	173	/* THE SIX LOGICAL FUNCTIONS **************************************/
	174	/*
	175	* Bit shifting and rotation (used by the six SHA-XYZ logical functions:
	176	*
	177	* NOTE: The naming of R and S appears backwards here (R is a SHIFT and
	178	* S is a ROTATION) because the SHA-256/384/512 description document
	179	* (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
	180	* same "backwards" definition.
	181	*/
	182	/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
	183	#define R(b,x) ((x) >> (b))
	184	/* 32-bit Rotate-right (used in SHA-256): */
	185	#define S32(b,x) (((x) >> (b)) \| ((x) << (32 - (b))))
	186	/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
	187	#define S64(b,x) (((x) >> (b)) \| ((x) << (64 - (b))))
	188
	189	/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
	190	#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
	191	#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
	192
	193	/* Four of six logical functions used in SHA-256: */
	194	#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
	195	#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
	196	#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
	197	#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
	198
	199	/* Four of six logical functions used in SHA-384 and SHA-512: */
	200	#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
	201	#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
	202	#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
	203	#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
	204
	205	/* INTERNAL FUNCTION PROTOTYPES ***********************************/
	206	/* NOTE: These should not be accessed directly from outside this
	207	* library -- they are intended for private internal visibility/use
	208	* only.
	209	*/
	210	void SHA512_Last(SHA512_CTX*);
	211	void SHA256_Transform(SHA256_CTX, const sha2_word32);
	212	void SHA512_Transform(SHA512_CTX, const sha2_word64);
	213
	214	/* SHA-XYZ INITIAL HASH VALUES AND CONSTANTS **********************/
	215	/* Hash constant words K for SHA-256: */
	216	const static sha2_word32 K256[64] = {
	217	0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
	218	0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
	219	0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
	220	0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
	221	0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
	222	0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
	223	0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
	224	0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
	225	0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
	226	0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
	227	0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
	228	0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
	229	0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
	230	0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
	231	0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
	232	0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
	233	};
	234
	235	/* Initial hash value H for SHA-256: */
	236	const static sha2_word32 sha256_initial_hash_value[8] = {
	237	0x6a09e667UL,
	238	0xbb67ae85UL,
	239	0x3c6ef372UL,
	240	0xa54ff53aUL,
	241	0x510e527fUL,
	242	0x9b05688cUL,
	243	0x1f83d9abUL,
	244	0x5be0cd19UL
	245	};
	246
	247	#if !NO_64BIT
	248	/* Hash constant words K for SHA-384 and SHA-512: */
	249	const static sha2_word64 K512[80] = {
	250	0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
	251	0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
	252	0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
	253	0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
	254	0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
	255	0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
	256	0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
	257	0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
	258	0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
	259	0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
	260	0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
	261	0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
	262	0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
	263	0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
	264	0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
	265	0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
	266	0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
	267	0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
	268	0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
	269	0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
	270	0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
	271	0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
	272	0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
	273	0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
	274	0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
	275	0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
	276	0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
	277	0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
	278	0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
	279	0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
	280	0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
	281	0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
	282	0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
	283	0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
	284	0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
	285	0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
	286	0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
	287	0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
	288	0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
	289	0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
	290	};
	291
	292	/* Initial hash value H for SHA-384 */
	293	const static sha2_word64 sha384_initial_hash_value[8] = {
	294	0xcbbb9d5dc1059ed8ULL,
	295	0x629a292a367cd507ULL,
	296	0x9159015a3070dd17ULL,
	297	0x152fecd8f70e5939ULL,
	298	0x67332667ffc00b31ULL,
	299	0x8eb44a8768581511ULL,
	300	0xdb0c2e0d64f98fa7ULL,
	301	0x47b5481dbefa4fa4ULL
	302	};
	303
	304	/* Initial hash value H for SHA-512 */
	305	const static sha2_word64 sha512_initial_hash_value[8] = {
	306	0x6a09e667f3bcc908ULL,
	307	0xbb67ae8584caa73bULL,
	308	0x3c6ef372fe94f82bULL,
	309	0xa54ff53a5f1d36f1ULL,
	310	0x510e527fade682d1ULL,
	311	0x9b05688c2b3e6c1fULL,
	312	0x1f83d9abfb41bd6bULL,
	313	0x5be0cd19137e2179ULL
	314	};
	315	#endif /* !NO_64BIT */
	316
	317	/*
	318	* Constant used by SHA256/384/512_End() functions for converting the
	319	* digest to a readable hexadecimal character string:
	320	*/
	321	static const char *sha2_hex_digits = "0123456789abcdef";
	322
	323	/* SHA-256: *******************************************************/
	324	void SHA256_Init(SHA256_CTX* context) {
	325	if (context == (SHA256_CTX*)0) {
	326	return;
	327	}
	328	bcopy(sha256_initial_hash_value, context->state, SHA256_DIGEST_LENGTH);
	329	bzero(context->buffer, SHA256_BLOCK_LENGTH);
	330	#if MINIX_64BIT
	331	context->bitcount= cvu64(0);
	332	#else /* !MINIX_64BIT */
	333	context->bitcount = 0;
	334	#endif /* MINIX_64BIT */
	335	}
	336
	337	#ifdef SHA2_UNROLL_TRANSFORM
	338
	339	/* Unrolled SHA-256 round macros: */
	340
	341	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	342
	343	#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
	344	REVERSE32(*data++, W256[j]); \
	345	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
	346	K256[j] + W256[j]; \
	347	(d) += T1; \
	348	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
	349	j++
	350
	351	#else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
	352
	353	#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
	354	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
	355	K256[j] + (W256[j] = *data++); \
	356	(d) += T1; \
	357	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
	358	j++
	359
	360	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
	361
	362	#define ROUND256(a,b,c,d,e,f,g,h) \
	363	s0 = W256[(j+1)&0x0f]; \
	364	s0 = sigma0_256(s0); \
	365	s1 = W256[(j+14)&0x0f]; \
	366	s1 = sigma1_256(s1); \
	367	T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
	368	(W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
	369	(d) += T1; \
	370	(h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
	371	j++
	372
	373	void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
	374	sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
	375	sha2_word32 T1, *W256;
	376	int j;
	377
	378	W256 = (sha2_word32*)context->buffer;
	379
	380	/* Initialize registers with the prev. intermediate value */
	381	a = context->state[0];
	382	b = context->state[1];
	383	c = context->state[2];
	384	d = context->state[3];
	385	e = context->state[4];
	386	f = context->state[5];
	387	g = context->state[6];
	388	h = context->state[7];
	389
	390	j = 0;
	391	do {
	392	/* Rounds 0 to 15 (unrolled): */
	393	ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
	394	ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
	395	ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
	396	ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
	397	ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
	398	ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
	399	ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
	400	ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
	401	} while (j < 16);
	402
	403	/* Now for the remaining rounds to 64: */
	404	do {
	405	ROUND256(a,b,c,d,e,f,g,h);
	406	ROUND256(h,a,b,c,d,e,f,g);
	407	ROUND256(g,h,a,b,c,d,e,f);
	408	ROUND256(f,g,h,a,b,c,d,e);
	409	ROUND256(e,f,g,h,a,b,c,d);
	410	ROUND256(d,e,f,g,h,a,b,c);
	411	ROUND256(c,d,e,f,g,h,a,b);
	412	ROUND256(b,c,d,e,f,g,h,a);
	413	} while (j < 64);
	414
	415	/* Compute the current intermediate hash value */
	416	context->state[0] += a;
	417	context->state[1] += b;
	418	context->state[2] += c;
	419	context->state[3] += d;
	420	context->state[4] += e;
	421	context->state[5] += f;
	422	context->state[6] += g;
	423	context->state[7] += h;
	424
	425	/* Clean up */
	426	a = b = c = d = e = f = g = h = T1 = 0;
	427	}
	428
	429	#else /* SHA2_UNROLL_TRANSFORM */
	430
	431	void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
	432	sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
	433	sha2_word32 T1, T2, *W256;
	434	int j;
	435
	436	W256 = (sha2_word32*)context->buffer;
	437
	438	/* Initialize registers with the prev. intermediate value */
	439	a = context->state[0];
	440	b = context->state[1];
	441	c = context->state[2];
	442	d = context->state[3];
	443	e = context->state[4];
	444	f = context->state[5];
	445	g = context->state[6];
	446	h = context->state[7];
	447
	448	j = 0;
	449	do {
	450	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	451	/* Copy data while converting to host byte order */
	452	REVERSE32(*data++,W256[j]);
	453	/* Apply the SHA-256 compression function to update a..h */
	454	T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
	455	#else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
	456	/* Apply the SHA-256 compression function to update a..h with copy */
	457	T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
	458	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
	459	T2 = Sigma0_256(a) + Maj(a, b, c);
	460	h = g;
	461	g = f;
	462	f = e;
	463	e = d + T1;
	464	d = c;
	465	c = b;
	466	b = a;
	467	a = T1 + T2;
	468
	469	j++;
	470	} while (j < 16);
	471
	472	do {
	473	/* Part of the message block expansion: */
	474	s0 = W256[(j+1)&0x0f];
	475	s0 = sigma0_256(s0);
	476	s1 = W256[(j+14)&0x0f];
	477	s1 = sigma1_256(s1);
	478
	479	/* Apply the SHA-256 compression function to update a..h */
	480	T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
	481	(W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
	482	T2 = Sigma0_256(a) + Maj(a, b, c);
	483	h = g;
	484	g = f;
	485	f = e;
	486	e = d + T1;
	487	d = c;
	488	c = b;
	489	b = a;
	490	a = T1 + T2;
	491
	492	j++;
	493	} while (j < 64);
	494
	495	/* Compute the current intermediate hash value */
	496	context->state[0] += a;
	497	context->state[1] += b;
	498	context->state[2] += c;
	499	context->state[3] += d;
	500	context->state[4] += e;
	501	context->state[5] += f;
	502	context->state[6] += g;
	503	context->state[7] += h;
	504
	505	/* Clean up */
	506	a = b = c = d = e = f = g = h = T1 = T2 = 0;
	507	}
	508
	509	#endif /* SHA2_UNROLL_TRANSFORM */
	510
	511	void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
	512	unsigned int freespace, usedspace;
	513
	514	if (len == 0) {
	515	/* Calling with no data is valid - we do nothing */
	516	return;
	517	}
	518
	519	/* Sanity check: */
	520	assert(context != (SHA256_CTX)0 && data != (sha2_byte)0);
	521
	522	#if MINIX_64BIT
	523	usedspace= rem64u(context->bitcount, SHA256_BLOCK_LENGTH*8)/8;
	524	#else /* !MINIX_64BIT */
	525	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
	526	#endif /* MINIX_64BIT */
	527	if (usedspace > 0) {
	528	/* Calculate how much free space is available in the buffer */
	529	freespace = SHA256_BLOCK_LENGTH - usedspace;
	530
	531	if (len >= freespace) {
	532	/* Fill the buffer completely and process it */
	533	bcopy(data, &context->buffer[usedspace], freespace);
	534	#if MINIX_64BIT
	535	context->bitcount= add64u(context->bitcount,
	536	freespace << 3);
	537	#else /* !MINIX_64BIT */
	538	context->bitcount += freespace << 3;
	539	#endif /* MINIX_64BIT */
	540	len -= freespace;
	541	data += freespace;
	542	SHA256_Transform(context, (sha2_word32*)context->buffer);
	543	} else {
	544	/* The buffer is not yet full */
	545	bcopy(data, &context->buffer[usedspace], len);
	546	#if MINIX_64BIT
	547	context->bitcount= add64u(context->bitcount, len << 3);
	548	#else /* !MINIX_64BIT */
	549	context->bitcount += len << 3;
	550	#endif /* MINIX_64BIT */
	551	/* Clean up: */
	552	usedspace = freespace = 0;
	553	return;
	554	}
	555	}
	556	while (len >= SHA256_BLOCK_LENGTH) {
	557	/* Process as many complete blocks as we can */
	558	SHA256_Transform(context, (const sha2_word32*)data);
	559	#if MINIX_64BIT
	560	context->bitcount= add64u(context->bitcount,
	561	SHA256_BLOCK_LENGTH << 3);
	562	#else /* !MINIX_64BIT */
	563	context->bitcount += SHA256_BLOCK_LENGTH << 3;
	564	#endif /* MINIX_64BIT */
	565	len -= SHA256_BLOCK_LENGTH;
	566	data += SHA256_BLOCK_LENGTH;
	567	}
	568	if (len > 0) {
	569	/* There's left-overs, so save 'em */
	570	bcopy(data, context->buffer, len);
	571	#if MINIX_64BIT
	572	context->bitcount= add64u(context->bitcount, len << 3);
	573	#else /* !MINIX_64BIT */
	574	context->bitcount += len << 3;
	575	#endif /* MINIX_64BIT */
	576	}
	577	/* Clean up: */
	578	usedspace = freespace = 0;
	579	}
	580
	581	void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
	582	sha2_word32 d = (sha2_word32)digest;
	583	unsigned int usedspace;
	584
	585	/* Sanity check: */
	586	assert(context != (SHA256_CTX*)0);
	587
	588	/* If no digest buffer is passed, we don't bother doing this: */
	589	if (digest != (sha2_byte*)0) {
	590	#if MINIX_64BIT
	591	usedspace= rem64u(context->bitcount, SHA256_BLOCK_LENGTH*8)/8;
	592	#else /* !MINIX_64BIT */
	593	usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
	594	#endif /* MINIX_64BIT */
	595	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	596	/* Convert FROM host byte order */
	597	REVERSE64(context->bitcount,context->bitcount);
	598	#endif
	599	if (usedspace > 0) {
	600	/* Begin padding with a 1 bit: */
	601	context->buffer[usedspace++] = 0x80;
	602
	603	if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
	604	/* Set-up for the last transform: */
	605	bzero(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
	606	} else {
	607	if (usedspace < SHA256_BLOCK_LENGTH) {
	608	bzero(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
	609	}
	610	/* Do second-to-last transform: */
	611	SHA256_Transform(context, (sha2_word32*)context->buffer);
	612
	613	/* And set-up for the last transform: */
	614	bzero(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
	615	}
	616	} else {
	617	/* Set-up for the last transform: */
	618	bzero(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
	619
	620	/* Begin padding with a 1 bit: */
	621	*context->buffer = 0x80;
	622	}
	623	/* Set the bit count: */
	624	(sha2_word64)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount;
	625
	626	/* Final transform: */
	627	SHA256_Transform(context, (sha2_word32*)context->buffer);
	628
	629	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	630	{
	631	/* Convert TO host byte order */
	632	int j;
	633	for (j = 0; j < 8; j++) {
	634	REVERSE32(context->state[j],context->state[j]);
	635	*d++ = context->state[j];
	636	}
	637	}
	638	#else
	639	bcopy(context->state, d, SHA256_DIGEST_LENGTH);
	640	#endif
	641	}
	642
	643	/* Clean up state data: */
	644	bzero(context, sizeof(context));
	645	usedspace = 0;
	646	}
	647
	648	char SHA256_End(SHA256_CTX context, char buffer[]) {
	649	sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest;
	650	int i;
	651
	652	/* Sanity check: */
	653	assert(context != (SHA256_CTX*)0);
	654
	655	if (buffer != (char*)0) {
	656	SHA256_Final(digest, context);
	657
	658	for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
	659	buffer++ = sha2_hex_digits[(d & 0xf0) >> 4];
	660	buffer++ = sha2_hex_digits[d & 0x0f];
	661	d++;
	662	}
	663	*buffer = (char)0;
	664	} else {
	665	bzero(context, sizeof(context));
	666	}
	667	bzero(digest, SHA256_DIGEST_LENGTH);
	668	return buffer;
	669	}
	670
	671	char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
	672	SHA256_CTX context;
	673
	674	SHA256_Init(&context);
	675	SHA256_Update(&context, data, len);
	676	return SHA256_End(&context, digest);
	677	}
	678
	679	#if !NO_64BIT
	680
	681	/* SHA-512: *******************************************************/
	682	void SHA512_Init(SHA512_CTX* context) {
	683	if (context == (SHA512_CTX*)0) {
	684	return;
	685	}
	686	bcopy(sha512_initial_hash_value, context->state, SHA512_DIGEST_LENGTH);
	687	bzero(context->buffer, SHA512_BLOCK_LENGTH);
	688	context->bitcount[0] = context->bitcount[1] = 0;
	689	}
	690
	691	#ifdef SHA2_UNROLL_TRANSFORM
	692
	693	/* Unrolled SHA-512 round macros: */
	694	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	695
	696	#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
	697	REVERSE64(*data++, W512[j]); \
	698	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
	699	K512[j] + W512[j]; \
	700	(d) += T1, \
	701	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
	702	j++
	703
	704	#else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
	705
	706	#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
	707	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
	708	K512[j] + (W512[j] = *data++); \
	709	(d) += T1; \
	710	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
	711	j++
	712
	713	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
	714
	715	#define ROUND512(a,b,c,d,e,f,g,h) \
	716	s0 = W512[(j+1)&0x0f]; \
	717	s0 = sigma0_512(s0); \
	718	s1 = W512[(j+14)&0x0f]; \
	719	s1 = sigma1_512(s1); \
	720	T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
	721	(W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
	722	(d) += T1; \
	723	(h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
	724	j++
	725
	726	void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
	727	sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
	728	sha2_word64 T1, W512 = (sha2_word64)context->buffer;
	729	int j;
	730
	731	/* Initialize registers with the prev. intermediate value */
	732	a = context->state[0];
	733	b = context->state[1];
	734	c = context->state[2];
	735	d = context->state[3];
	736	e = context->state[4];
	737	f = context->state[5];
	738	g = context->state[6];
	739	h = context->state[7];
	740
	741	j = 0;
	742	do {
	743	ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
	744	ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
	745	ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
	746	ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
	747	ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
	748	ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
	749	ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
	750	ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
	751	} while (j < 16);
	752
	753	/* Now for the remaining rounds up to 79: */
	754	do {
	755	ROUND512(a,b,c,d,e,f,g,h);
	756	ROUND512(h,a,b,c,d,e,f,g);
	757	ROUND512(g,h,a,b,c,d,e,f);
	758	ROUND512(f,g,h,a,b,c,d,e);
	759	ROUND512(e,f,g,h,a,b,c,d);
	760	ROUND512(d,e,f,g,h,a,b,c);
	761	ROUND512(c,d,e,f,g,h,a,b);
	762	ROUND512(b,c,d,e,f,g,h,a);
	763	} while (j < 80);
	764
	765	/* Compute the current intermediate hash value */
	766	context->state[0] += a;
	767	context->state[1] += b;
	768	context->state[2] += c;
	769	context->state[3] += d;
	770	context->state[4] += e;
	771	context->state[5] += f;
	772	context->state[6] += g;
	773	context->state[7] += h;
	774
	775	/* Clean up */
	776	a = b = c = d = e = f = g = h = T1 = 0;
	777	}
	778
	779	#else /* SHA2_UNROLL_TRANSFORM */
	780
	781	void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
	782	sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
	783	sha2_word64 T1, T2, W512 = (sha2_word64)context->buffer;
	784	int j;
	785
	786	/* Initialize registers with the prev. intermediate value */
	787	a = context->state[0];
	788	b = context->state[1];
	789	c = context->state[2];
	790	d = context->state[3];
	791	e = context->state[4];
	792	f = context->state[5];
	793	g = context->state[6];
	794	h = context->state[7];
	795
	796	j = 0;
	797	do {
	798	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	799	/* Convert TO host byte order */
	800	REVERSE64(*data++, W512[j]);
	801	/* Apply the SHA-512 compression function to update a..h */
	802	T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
	803	#else /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
	804	/* Apply the SHA-512 compression function to update a..h with copy */
	805	T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
	806	#endif /* SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN */
	807	T2 = Sigma0_512(a) + Maj(a, b, c);
	808	h = g;
	809	g = f;
	810	f = e;
	811	e = d + T1;
	812	d = c;
	813	c = b;
	814	b = a;
	815	a = T1 + T2;
	816
	817	j++;
	818	} while (j < 16);
	819
	820	do {
	821	/* Part of the message block expansion: */
	822	s0 = W512[(j+1)&0x0f];
	823	s0 = sigma0_512(s0);
	824	s1 = W512[(j+14)&0x0f];
	825	s1 = sigma1_512(s1);
	826
	827	/* Apply the SHA-512 compression function to update a..h */
	828	T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
	829	(W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
	830	T2 = Sigma0_512(a) + Maj(a, b, c);
	831	h = g;
	832	g = f;
	833	f = e;
	834	e = d + T1;
	835	d = c;
	836	c = b;
	837	b = a;
	838	a = T1 + T2;
	839
	840	j++;
	841	} while (j < 80);
	842
	843	/* Compute the current intermediate hash value */
	844	context->state[0] += a;
	845	context->state[1] += b;
	846	context->state[2] += c;
	847	context->state[3] += d;
	848	context->state[4] += e;
	849	context->state[5] += f;
	850	context->state[6] += g;
	851	context->state[7] += h;
	852
	853	/* Clean up */
	854	a = b = c = d = e = f = g = h = T1 = T2 = 0;
	855	}
	856
	857	#endif /* SHA2_UNROLL_TRANSFORM */
	858
	859	void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
	860	unsigned int freespace, usedspace;
	861
	862	if (len == 0) {
	863	/* Calling with no data is valid - we do nothing */
	864	return;
	865	}
	866
	867	/* Sanity check: */
	868	assert(context != (SHA512_CTX)0 && data != (sha2_byte)0);
	869
	870	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
	871	if (usedspace > 0) {
	872	/* Calculate how much free space is available in the buffer */
	873	freespace = SHA512_BLOCK_LENGTH - usedspace;
	874
	875	if (len >= freespace) {
	876	/* Fill the buffer completely and process it */
	877	bcopy(data, &context->buffer[usedspace], freespace);
	878	ADDINC128(context->bitcount, freespace << 3);
	879	len -= freespace;
	880	data += freespace;
	881	SHA512_Transform(context, (sha2_word64*)context->buffer);
	882	} else {
	883	/* The buffer is not yet full */
	884	bcopy(data, &context->buffer[usedspace], len);
	885	ADDINC128(context->bitcount, len << 3);
	886	/* Clean up: */
	887	usedspace = freespace = 0;
	888	return;
	889	}
	890	}
	891	while (len >= SHA512_BLOCK_LENGTH) {
	892	/* Process as many complete blocks as we can */
	893	SHA512_Transform(context, (const sha2_word64*)data);
	894	ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
	895	len -= SHA512_BLOCK_LENGTH;
	896	data += SHA512_BLOCK_LENGTH;
	897	}
	898	if (len > 0) {
	899	/* There's left-overs, so save 'em */
	900	bcopy(data, context->buffer, len);
	901	ADDINC128(context->bitcount, len << 3);
	902	}
	903	/* Clean up: */
	904	usedspace = freespace = 0;
	905	}
	906
	907	void SHA512_Last(SHA512_CTX* context) {
	908	unsigned int usedspace;
	909
	910	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
	911	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	912	/* Convert FROM host byte order */
	913	REVERSE64(context->bitcount[0],context->bitcount[0]);
	914	REVERSE64(context->bitcount[1],context->bitcount[1]);
	915	#endif
	916	if (usedspace > 0) {
	917	/* Begin padding with a 1 bit: */
	918	context->buffer[usedspace++] = 0x80;
	919
	920	if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
	921	/* Set-up for the last transform: */
	922	bzero(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
	923	} else {
	924	if (usedspace < SHA512_BLOCK_LENGTH) {
	925	bzero(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
	926	}
	927	/* Do second-to-last transform: */
	928	SHA512_Transform(context, (sha2_word64*)context->buffer);
	929
	930	/* And set-up for the last transform: */
	931	bzero(context->buffer, SHA512_BLOCK_LENGTH - 2);
	932	}
	933	} else {
	934	/* Prepare for final transform: */
	935	bzero(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
	936
	937	/* Begin padding with a 1 bit: */
	938	*context->buffer = 0x80;
	939	}
	940	/* Store the length of input data (in bits): */
	941	(sha2_word64)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
	942	(sha2_word64)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];
	943
	944	/* Final transform: */
	945	SHA512_Transform(context, (sha2_word64*)context->buffer);
	946	}
	947
	948	void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
	949	sha2_word64 d = (sha2_word64)digest;
	950
	951	/* Sanity check: */
	952	assert(context != (SHA512_CTX*)0);
	953
	954	/* If no digest buffer is passed, we don't bother doing this: */
	955	if (digest != (sha2_byte*)0) {
	956	SHA512_Last(context);
	957
	958	/* Save the hash data for output: */
	959	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	960	{
	961	/* Convert TO host byte order */
	962	int j;
	963	for (j = 0; j < 8; j++) {
	964	REVERSE64(context->state[j],context->state[j]);
	965	*d++ = context->state[j];
	966	}
	967	}
	968	#else
	969	bcopy(context->state, d, SHA512_DIGEST_LENGTH);
	970	#endif
	971	}
	972
	973	/* Zero out state data */
	974	bzero(context, sizeof(context));
	975	}
	976
	977	char SHA512_End(SHA512_CTX context, char buffer[]) {
	978	sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest;
	979	int i;
	980
	981	/* Sanity check: */
	982	assert(context != (SHA512_CTX*)0);
	983
	984	if (buffer != (char*)0) {
	985	SHA512_Final(digest, context);
	986
	987	for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
	988	buffer++ = sha2_hex_digits[(d & 0xf0) >> 4];
	989	buffer++ = sha2_hex_digits[d & 0x0f];
	990	d++;
	991	}
	992	*buffer = (char)0;
	993	} else {
	994	bzero(context, sizeof(context));
	995	}
	996	bzero(digest, SHA512_DIGEST_LENGTH);
	997	return buffer;
	998	}
	999
	1000	char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
	1001	SHA512_CTX context;
	1002
	1003	SHA512_Init(&context);
	1004	SHA512_Update(&context, data, len);
	1005	return SHA512_End(&context, digest);
	1006	}
	1007
	1008	/* SHA-384: *******************************************************/
	1009	void SHA384_Init(SHA384_CTX* context) {
	1010	if (context == (SHA384_CTX*)0) {
	1011	return;
	1012	}
	1013	bcopy(sha384_initial_hash_value, context->state, SHA512_DIGEST_LENGTH);
	1014	bzero(context->buffer, SHA384_BLOCK_LENGTH);
	1015	context->bitcount[0] = context->bitcount[1] = 0;
	1016	}
	1017
	1018	void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
	1019	SHA512_Update((SHA512_CTX*)context, data, len);
	1020	}
	1021
	1022	void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
	1023	sha2_word64 d = (sha2_word64)digest;
	1024
	1025	/* Sanity check: */
	1026	assert(context != (SHA384_CTX*)0);
	1027
	1028	/* If no digest buffer is passed, we don't bother doing this: */
	1029	if (digest != (sha2_byte*)0) {
	1030	SHA512_Last((SHA512_CTX*)context);
	1031
	1032	/* Save the hash data for output: */
	1033	#if SHA2_BYTE_ORDER == SHA2_LITTLE_ENDIAN
	1034	{
	1035	/* Convert TO host byte order */
	1036	int j;
	1037	for (j = 0; j < 6; j++) {
	1038	REVERSE64(context->state[j],context->state[j]);
	1039	*d++ = context->state[j];
	1040	}
	1041	}
	1042	#else
	1043	bcopy(context->state, d, SHA384_DIGEST_LENGTH);
	1044	#endif
	1045	}
	1046
	1047	/* Zero out state data */
	1048	bzero(context, sizeof(context));
	1049	}
	1050
	1051	char SHA384_End(SHA384_CTX context, char buffer[]) {
	1052	sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest;
	1053	int i;
	1054
	1055	/* Sanity check: */
	1056	assert(context != (SHA384_CTX*)0);
	1057
	1058	if (buffer != (char*)0) {
	1059	SHA384_Final(digest, context);
	1060
	1061	for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
	1062	buffer++ = sha2_hex_digits[(d & 0xf0) >> 4];
	1063	buffer++ = sha2_hex_digits[d & 0x0f];
	1064	d++;
	1065	}
	1066	*buffer = (char)0;
	1067	} else {
	1068	bzero(context, sizeof(context));
	1069	}
	1070	bzero(digest, SHA384_DIGEST_LENGTH);
	1071	return buffer;
	1072	}
	1073
	1074	char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
	1075	SHA384_CTX context;
	1076
	1077	SHA384_Init(&context);
	1078	SHA384_Update(&context, data, len);
	1079	return SHA384_End(&context, digest);
	1080	}
	1081
	1082	#endif /* !NO_64BIT */
	1083
	1084	/*
	1085	* $PchId: sha2.c,v 1.1 2005/06/28 14:29:23 philip Exp $
	1086	*/

Note: See TracBrowser for help on using the repository browser.

Download in other formats: