1 /* $NetBSD: sha2.c,v 1.10 2015/07/08 17:28:59 christos Exp $ */ 2 3 /* 4 * Copyright (C) 2005-2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") 5 * 6 * Permission to use, copy, modify, and/or distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19 /* Id */ 20 21 /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */ 22 /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */ 23 24 /* 25 * sha2.c 26 * 27 * Version 1.0.0beta1 28 * 29 * Written by Aaron D. Gifford <me@aarongifford.com> 30 * 31 * Copyright 2000 Aaron D. Gifford. All rights reserved. 32 * 33 * Redistribution and use in source and binary forms, with or without 34 * modification, are permitted provided that the following conditions 35 * are met: 36 * 1. Redistributions of source code must retain the above copyright 37 * notice, this list of conditions and the following disclaimer. 38 * 2. Redistributions in binary form must reproduce the above copyright 39 * notice, this list of conditions and the following disclaimer in the 40 * documentation and/or other materials provided with the distribution. 41 * 3. Neither the name of the copyright holder nor the names of contributors 42 * may be used to endorse or promote products derived from this software 43 * without specific prior written permission. 44 * 45 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND 46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 48 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE 49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 55 * SUCH DAMAGE. 56 * 57 */ 58 59 60 #include <config.h> 61 62 #include <isc/assertions.h> 63 #include <isc/platform.h> 64 #include <isc/sha2.h> 65 #include <isc/string.h> 66 #include <isc/util.h> 67 68 #if PKCS11CRYPTO 69 #include <pk11/internal.h> 70 #include <pk11/pk11.h> 71 #endif 72 73 #ifdef ISC_PLATFORM_OPENSSLHASH 74 75 void 76 isc_sha224_init(isc_sha224_t *context) { 77 if (context == (isc_sha224_t *)0) { 78 return; 79 } 80 RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha224()) == 1); 81 } 82 83 void 84 isc_sha224_invalidate(isc_sha224_t *context) { 85 EVP_MD_CTX_cleanup(context); 86 } 87 88 void 89 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { 90 if (len == 0U) { 91 /* Calling with no data is valid - we do nothing */ 92 return; 93 } 94 95 /* Sanity check: */ 96 REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0); 97 98 RUNTIME_CHECK(EVP_DigestUpdate(context, 99 (const void *) data, len) == 1); 100 } 101 102 void 103 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { 104 /* Sanity check: */ 105 REQUIRE(context != (isc_sha224_t *)0); 106 107 /* If no digest buffer is passed, we don't bother doing this: */ 108 if (digest != (isc_uint8_t*)0) { 109 RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1); 110 } else { 111 EVP_MD_CTX_cleanup(context); 112 } 113 } 114 115 void 116 isc_sha256_init(isc_sha256_t *context) { 117 if (context == (isc_sha256_t *)0) { 118 return; 119 } 120 RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha256()) == 1); 121 } 122 123 void 124 isc_sha256_invalidate(isc_sha256_t *context) { 125 EVP_MD_CTX_cleanup(context); 126 } 127 128 void 129 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { 130 if (len == 0U) { 131 /* Calling with no data is valid - we do nothing */ 132 return; 133 } 134 135 /* Sanity check: */ 136 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0); 137 138 RUNTIME_CHECK(EVP_DigestUpdate(context, 139 (const void *) data, len) == 1); 140 } 141 142 void 143 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { 144 /* Sanity check: */ 145 REQUIRE(context != (isc_sha256_t *)0); 146 147 /* If no digest buffer is passed, we don't bother doing this: */ 148 if (digest != (isc_uint8_t*)0) { 149 RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1); 150 } else { 151 EVP_MD_CTX_cleanup(context); 152 } 153 } 154 155 void 156 isc_sha512_init(isc_sha512_t *context) { 157 if (context == (isc_sha512_t *)0) { 158 return; 159 } 160 RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha512()) == 1); 161 } 162 163 void 164 isc_sha512_invalidate(isc_sha512_t *context) { 165 EVP_MD_CTX_cleanup(context); 166 } 167 168 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) { 169 if (len == 0U) { 170 /* Calling with no data is valid - we do nothing */ 171 return; 172 } 173 174 /* Sanity check: */ 175 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); 176 177 RUNTIME_CHECK(EVP_DigestUpdate(context, 178 (const void *) data, len) == 1); 179 } 180 181 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { 182 /* Sanity check: */ 183 REQUIRE(context != (isc_sha512_t *)0); 184 185 /* If no digest buffer is passed, we don't bother doing this: */ 186 if (digest != (isc_uint8_t*)0) { 187 RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1); 188 } else { 189 EVP_MD_CTX_cleanup(context); 190 } 191 } 192 193 void 194 isc_sha384_init(isc_sha384_t *context) { 195 if (context == (isc_sha384_t *)0) { 196 return; 197 } 198 RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha384()) == 1); 199 } 200 201 void 202 isc_sha384_invalidate(isc_sha384_t *context) { 203 EVP_MD_CTX_cleanup(context); 204 } 205 206 void 207 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) { 208 if (len == 0U) { 209 /* Calling with no data is valid - we do nothing */ 210 return; 211 } 212 213 /* Sanity check: */ 214 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); 215 216 RUNTIME_CHECK(EVP_DigestUpdate(context, 217 (const void *) data, len) == 1); 218 } 219 220 void 221 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { 222 /* Sanity check: */ 223 REQUIRE(context != (isc_sha384_t *)0); 224 225 /* If no digest buffer is passed, we don't bother doing this: */ 226 if (digest != (isc_uint8_t*)0) { 227 RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1); 228 } else { 229 EVP_MD_CTX_cleanup(context); 230 } 231 } 232 233 #elif PKCS11CRYPTO 234 235 void 236 isc_sha224_init(isc_sha224_t *context) { 237 CK_RV rv; 238 CK_MECHANISM mech = { CKM_SHA224, NULL, 0 }; 239 240 if (context == (isc_sha224_t *)0) { 241 return; 242 } 243 RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE, 244 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS); 245 PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech)); 246 } 247 248 void 249 isc_sha224_invalidate(isc_sha224_t *context) { 250 CK_BYTE garbage[ISC_SHA224_DIGESTLENGTH]; 251 CK_ULONG len = ISC_SHA224_DIGESTLENGTH; 252 253 if (context->handle == NULL) 254 return; 255 (void) pkcs_C_DigestFinal(context->session, garbage, &len); 256 memset(garbage, 0, sizeof(garbage)); 257 pk11_return_session(context); 258 } 259 260 void 261 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { 262 CK_RV rv; 263 CK_BYTE_PTR pPart; 264 265 if (len == 0U) { 266 /* Calling with no data is valid - we do nothing */ 267 return; 268 } 269 270 /* Sanity check: */ 271 REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0); 272 273 DE_CONST(data, pPart); 274 PK11_FATALCHECK(pkcs_C_DigestUpdate, 275 (context->session, pPart, (CK_ULONG) len)); 276 } 277 278 void 279 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { 280 CK_RV rv; 281 CK_ULONG len = ISC_SHA224_DIGESTLENGTH; 282 283 /* Sanity check: */ 284 REQUIRE(context != (isc_sha224_t *)0); 285 286 /* If no digest buffer is passed, we don't bother doing this: */ 287 if (digest != (isc_uint8_t*)0) { 288 PK11_FATALCHECK(pkcs_C_DigestFinal, 289 (context->session, 290 (CK_BYTE_PTR) digest, 291 &len)); 292 } else { 293 CK_BYTE garbage[ISC_SHA224_DIGESTLENGTH]; 294 295 (void) pkcs_C_DigestFinal(context->session, garbage, &len); 296 memset(garbage, 0, sizeof(garbage)); 297 } 298 pk11_return_session(context); 299 } 300 301 void 302 isc_sha256_init(isc_sha256_t *context) { 303 CK_RV rv; 304 CK_MECHANISM mech = { CKM_SHA256, NULL, 0 }; 305 306 if (context == (isc_sha256_t *)0) { 307 return; 308 } 309 RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE, 310 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS); 311 PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech)); 312 } 313 314 void 315 isc_sha256_invalidate(isc_sha256_t *context) { 316 CK_BYTE garbage[ISC_SHA256_DIGESTLENGTH]; 317 CK_ULONG len = ISC_SHA256_DIGESTLENGTH; 318 319 if (context->handle == NULL) 320 return; 321 (void) pkcs_C_DigestFinal(context->session, garbage, &len); 322 memset(garbage, 0, sizeof(garbage)); 323 pk11_return_session(context); 324 } 325 326 void 327 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t* data, size_t len) { 328 CK_RV rv; 329 CK_BYTE_PTR pPart; 330 331 if (len == 0U) { 332 /* Calling with no data is valid - we do nothing */ 333 return; 334 } 335 336 /* Sanity check: */ 337 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0); 338 339 DE_CONST(data, pPart); 340 PK11_FATALCHECK(pkcs_C_DigestUpdate, 341 (context->session, pPart, (CK_ULONG) len)); 342 } 343 344 void 345 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { 346 CK_RV rv; 347 CK_ULONG len = ISC_SHA256_DIGESTLENGTH; 348 349 /* Sanity check: */ 350 REQUIRE(context != (isc_sha256_t *)0); 351 352 /* If no digest buffer is passed, we don't bother doing this: */ 353 if (digest != (isc_uint8_t*)0) { 354 PK11_FATALCHECK(pkcs_C_DigestFinal, 355 (context->session, 356 (CK_BYTE_PTR) digest, 357 &len)); 358 } else { 359 CK_BYTE garbage[ISC_SHA256_DIGESTLENGTH]; 360 361 (void) pkcs_C_DigestFinal(context->session, garbage, &len); 362 memset(garbage, 0, sizeof(garbage)); 363 } 364 pk11_return_session(context); 365 } 366 367 void 368 isc_sha512_init(isc_sha512_t *context) { 369 CK_RV rv; 370 CK_MECHANISM mech = { CKM_SHA512, NULL, 0 }; 371 372 if (context == (isc_sha512_t *)0) { 373 return; 374 } 375 RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE, 376 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS); 377 PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech)); 378 } 379 380 void 381 isc_sha512_invalidate(isc_sha512_t *context) { 382 CK_BYTE garbage[ISC_SHA512_DIGESTLENGTH]; 383 CK_ULONG len = ISC_SHA512_DIGESTLENGTH; 384 385 if (context->handle == NULL) 386 return; 387 (void) pkcs_C_DigestFinal(context->session, garbage, &len); 388 memset(garbage, 0, sizeof(garbage)); 389 pk11_return_session(context); 390 } 391 392 void 393 isc_sha512_update(isc_sha512_t *context, const isc_uint8_t* data, size_t len) { 394 CK_RV rv; 395 CK_BYTE_PTR pPart; 396 397 if (len == 0U) { 398 /* Calling with no data is valid - we do nothing */ 399 return; 400 } 401 402 /* Sanity check: */ 403 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); 404 405 DE_CONST(data, pPart); 406 PK11_FATALCHECK(pkcs_C_DigestUpdate, 407 (context->session, pPart, (CK_ULONG) len)); 408 } 409 410 void 411 isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { 412 CK_RV rv; 413 CK_ULONG len = ISC_SHA512_DIGESTLENGTH; 414 415 /* Sanity check: */ 416 REQUIRE(context != (isc_sha512_t *)0); 417 418 /* If no digest buffer is passed, we don't bother doing this: */ 419 if (digest != (isc_uint8_t*)0) { 420 PK11_FATALCHECK(pkcs_C_DigestFinal, 421 (context->session, 422 (CK_BYTE_PTR) digest, 423 &len)); 424 } else { 425 CK_BYTE garbage[ISC_SHA512_DIGESTLENGTH]; 426 427 (void) pkcs_C_DigestFinal(context->session, garbage, &len); 428 memset(garbage, 0, sizeof(garbage)); 429 } 430 pk11_return_session(context); 431 } 432 433 void 434 isc_sha384_init(isc_sha384_t *context) { 435 CK_RV rv; 436 CK_MECHANISM mech = { CKM_SHA384, NULL, 0 }; 437 438 if (context == (isc_sha384_t *)0) { 439 return; 440 } 441 RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE, 442 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS); 443 PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech)); 444 } 445 446 void 447 isc_sha384_invalidate(isc_sha384_t *context) { 448 CK_BYTE garbage[ISC_SHA384_DIGESTLENGTH]; 449 CK_ULONG len = ISC_SHA384_DIGESTLENGTH; 450 451 if (context->handle == NULL) 452 return; 453 (void) pkcs_C_DigestFinal(context->session, garbage, &len); 454 memset(garbage, 0, sizeof(garbage)); 455 pk11_return_session(context); 456 } 457 458 void 459 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) { 460 CK_RV rv; 461 CK_BYTE_PTR pPart; 462 463 if (len == 0U) { 464 /* Calling with no data is valid - we do nothing */ 465 return; 466 } 467 468 /* Sanity check: */ 469 REQUIRE(context != (isc_sha384_t *)0 && data != (isc_uint8_t*)0); 470 471 DE_CONST(data, pPart); 472 PK11_FATALCHECK(pkcs_C_DigestUpdate, 473 (context->session, pPart, (CK_ULONG) len)); 474 } 475 476 void 477 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { 478 CK_RV rv; 479 CK_ULONG len = ISC_SHA384_DIGESTLENGTH; 480 481 /* Sanity check: */ 482 REQUIRE(context != (isc_sha384_t *)0); 483 484 /* If no digest buffer is passed, we don't bother doing this: */ 485 if (digest != (isc_uint8_t*)0) { 486 PK11_FATALCHECK(pkcs_C_DigestFinal, 487 (context->session, 488 (CK_BYTE_PTR) digest, 489 &len)); 490 } else { 491 CK_BYTE garbage[ISC_SHA384_DIGESTLENGTH]; 492 493 (void) pkcs_C_DigestFinal(context->session, garbage, &len); 494 memset(garbage, 0, sizeof(garbage)); 495 } 496 pk11_return_session(context); 497 } 498 499 #else 500 501 /* 502 * UNROLLED TRANSFORM LOOP NOTE: 503 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform 504 * loop version for the hash transform rounds (defined using macros 505 * later in this file). Either define on the command line, for example: 506 * 507 * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c 508 * 509 * or define below: 510 * 511 * \#define ISC_SHA2_UNROLL_TRANSFORM 512 * 513 */ 514 515 /*** SHA-256/384/512 Machine Architecture Definitions *****************/ 516 /* 517 * BYTE_ORDER NOTE: 518 * 519 * Please make sure that your system defines BYTE_ORDER. If your 520 * architecture is little-endian, make sure it also defines 521 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are 522 * equivalent. 523 * 524 * If your system does not define the above, then you can do so by 525 * hand like this: 526 * 527 * \#define LITTLE_ENDIAN 1234 528 * \#define BIG_ENDIAN 4321 529 * 530 * And for little-endian machines, add: 531 * 532 * \#define BYTE_ORDER LITTLE_ENDIAN 533 * 534 * Or for big-endian machines: 535 * 536 * \#define BYTE_ORDER BIG_ENDIAN 537 * 538 * The FreeBSD machine this was written on defines BYTE_ORDER 539 * appropriately by including <sys/types.h> (which in turn includes 540 * <machine/endian.h> where the appropriate definitions are actually 541 * made). 542 */ 543 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) 544 #ifndef BYTE_ORDER 545 #ifndef BIG_ENDIAN 546 #define BIG_ENDIAN 4321 547 #endif 548 #ifndef LITTLE_ENDIAN 549 #define LITTLE_ENDIAN 1234 550 #endif 551 #ifdef WORDS_BIGENDIAN 552 #define BYTE_ORDER BIG_ENDIAN 553 #else 554 #define BYTE_ORDER LITTLE_ENDIAN 555 #endif 556 #else 557 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN 558 #endif 559 #endif 560 561 /*** SHA-256/384/512 Various Length Definitions ***********************/ 562 /* NOTE: Most of these are in sha2.h */ 563 #define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8) 564 #define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16) 565 #define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16) 566 567 568 /*** ENDIAN REVERSAL MACROS *******************************************/ 569 #if BYTE_ORDER == LITTLE_ENDIAN 570 #define REVERSE32(w,x) { \ 571 isc_uint32_t tmp = (w); \ 572 tmp = (tmp >> 16) | (tmp << 16); \ 573 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ 574 } 575 #ifdef WIN32 576 #define REVERSE64(w,x) { \ 577 isc_uint64_t tmp = (w); \ 578 tmp = (tmp >> 32) | (tmp << 32); \ 579 tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \ 580 ((tmp & 0x00ff00ff00ff00ffUL) << 8); \ 581 (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \ 582 ((tmp & 0x0000ffff0000ffffUL) << 16); \ 583 } 584 #else 585 #define REVERSE64(w,x) { \ 586 isc_uint64_t tmp = (w); \ 587 tmp = (tmp >> 32) | (tmp << 32); \ 588 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ 589 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ 590 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ 591 ((tmp & 0x0000ffff0000ffffULL) << 16); \ 592 } 593 #endif 594 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 595 596 /* 597 * Macro for incrementally adding the unsigned 64-bit integer n to the 598 * unsigned 128-bit integer (represented using a two-element array of 599 * 64-bit words): 600 */ 601 #define ADDINC128(w,n) { \ 602 (w)[0] += (isc_uint64_t)(n); \ 603 if ((w)[0] < (n)) { \ 604 (w)[1]++; \ 605 } \ 606 } 607 608 /*** THE SIX LOGICAL FUNCTIONS ****************************************/ 609 /* 610 * Bit shifting and rotation (used by the six SHA-XYZ logical functions: 611 * 612 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and 613 * S is a ROTATION) because the SHA-256/384/512 description document 614 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this 615 * same "backwards" definition. 616 */ 617 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ 618 #define R(b,x) ((x) >> (b)) 619 /* 32-bit Rotate-right (used in SHA-256): */ 620 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) 621 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ 622 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) 623 624 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ 625 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 626 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 627 628 /* Four of six logical functions used in SHA-256: */ 629 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) 630 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) 631 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) 632 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) 633 634 /* Four of six logical functions used in SHA-384 and SHA-512: */ 635 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) 636 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) 637 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) 638 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) 639 640 /*** INTERNAL FUNCTION PROTOTYPES *************************************/ 641 /* NOTE: These should not be accessed directly from outside this 642 * library -- they are intended for private internal visibility/use 643 * only. 644 */ 645 void isc_sha512_last(isc_sha512_t *); 646 void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*); 647 void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*); 648 649 650 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ 651 /* Hash constant words K for SHA-224 and SHA-256: */ 652 static const isc_uint32_t K256[64] = { 653 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 654 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 655 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 656 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 657 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 658 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 659 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 660 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 661 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 662 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 663 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 664 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 665 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 666 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 667 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 668 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 669 }; 670 671 /* Initial hash value H for SHA-224: */ 672 static const isc_uint32_t sha224_initial_hash_value[8] = { 673 0xc1059ed8UL, 674 0x367cd507UL, 675 0x3070dd17UL, 676 0xf70e5939UL, 677 0xffc00b31UL, 678 0x68581511UL, 679 0x64f98fa7UL, 680 0xbefa4fa4UL 681 }; 682 683 /* Initial hash value H for SHA-256: */ 684 static const isc_uint32_t sha256_initial_hash_value[8] = { 685 0x6a09e667UL, 686 0xbb67ae85UL, 687 0x3c6ef372UL, 688 0xa54ff53aUL, 689 0x510e527fUL, 690 0x9b05688cUL, 691 0x1f83d9abUL, 692 0x5be0cd19UL 693 }; 694 695 #ifdef WIN32 696 /* Hash constant words K for SHA-384 and SHA-512: */ 697 static const isc_uint64_t K512[80] = { 698 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL, 699 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL, 700 0x3956c25bf348b538UL, 0x59f111f1b605d019UL, 701 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL, 702 0xd807aa98a3030242UL, 0x12835b0145706fbeUL, 703 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL, 704 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL, 705 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL, 706 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL, 707 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL, 708 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL, 709 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL, 710 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL, 711 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL, 712 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL, 713 0x06ca6351e003826fUL, 0x142929670a0e6e70UL, 714 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL, 715 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL, 716 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL, 717 0x81c2c92e47edaee6UL, 0x92722c851482353bUL, 718 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL, 719 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL, 720 0xd192e819d6ef5218UL, 0xd69906245565a910UL, 721 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL, 722 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL, 723 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL, 724 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL, 725 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL, 726 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL, 727 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL, 728 0x90befffa23631e28UL, 0xa4506cebde82bde9UL, 729 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL, 730 0xca273eceea26619cUL, 0xd186b8c721c0c207UL, 731 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL, 732 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL, 733 0x113f9804bef90daeUL, 0x1b710b35131c471bUL, 734 0x28db77f523047d84UL, 0x32caab7b40c72493UL, 735 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL, 736 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL, 737 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL 738 }; 739 740 /* Initial hash value H for SHA-384: */ 741 static const isc_uint64_t sha384_initial_hash_value[8] = { 742 0xcbbb9d5dc1059ed8UL, 743 0x629a292a367cd507UL, 744 0x9159015a3070dd17UL, 745 0x152fecd8f70e5939UL, 746 0x67332667ffc00b31UL, 747 0x8eb44a8768581511UL, 748 0xdb0c2e0d64f98fa7UL, 749 0x47b5481dbefa4fa4UL 750 }; 751 752 /* Initial hash value H for SHA-512: */ 753 static const isc_uint64_t sha512_initial_hash_value[8] = { 754 0x6a09e667f3bcc908U, 755 0xbb67ae8584caa73bUL, 756 0x3c6ef372fe94f82bUL, 757 0xa54ff53a5f1d36f1UL, 758 0x510e527fade682d1UL, 759 0x9b05688c2b3e6c1fUL, 760 0x1f83d9abfb41bd6bUL, 761 0x5be0cd19137e2179UL 762 }; 763 #else 764 /* Hash constant words K for SHA-384 and SHA-512: */ 765 static const isc_uint64_t K512[80] = { 766 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 767 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 768 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 769 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 770 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 771 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 772 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 773 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 774 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 775 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 776 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 777 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 778 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 779 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 780 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 781 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 782 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 783 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 784 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 785 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 786 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 787 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 788 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 789 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 790 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 791 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 792 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 793 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 794 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 795 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 796 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 797 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 798 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 799 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 800 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 801 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 802 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 803 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 804 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 805 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL 806 }; 807 808 /* Initial hash value H for SHA-384: */ 809 static const isc_uint64_t sha384_initial_hash_value[8] = { 810 0xcbbb9d5dc1059ed8ULL, 811 0x629a292a367cd507ULL, 812 0x9159015a3070dd17ULL, 813 0x152fecd8f70e5939ULL, 814 0x67332667ffc00b31ULL, 815 0x8eb44a8768581511ULL, 816 0xdb0c2e0d64f98fa7ULL, 817 0x47b5481dbefa4fa4ULL 818 }; 819 820 /* Initial hash value H for SHA-512: */ 821 static const isc_uint64_t sha512_initial_hash_value[8] = { 822 0x6a09e667f3bcc908ULL, 823 0xbb67ae8584caa73bULL, 824 0x3c6ef372fe94f82bULL, 825 0xa54ff53a5f1d36f1ULL, 826 0x510e527fade682d1ULL, 827 0x9b05688c2b3e6c1fULL, 828 0x1f83d9abfb41bd6bULL, 829 0x5be0cd19137e2179ULL 830 }; 831 #endif 832 833 834 /*** SHA-224: *********************************************************/ 835 void 836 isc_sha224_init(isc_sha224_t *context) { 837 if (context == (isc_sha256_t *)0) { 838 return; 839 } 840 memmove(context->state, sha224_initial_hash_value, 841 ISC_SHA256_DIGESTLENGTH); 842 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); 843 context->bitcount = 0; 844 } 845 846 void 847 isc_sha224_invalidate(isc_sha224_t *context) { 848 memset(context, 0, sizeof(isc_sha224_t)); 849 } 850 851 void 852 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) { 853 isc_sha256_update((isc_sha256_t *)context, data, len); 854 } 855 856 void 857 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) { 858 isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH]; 859 isc_sha256_final(sha256_digest, (isc_sha256_t *)context); 860 memmove(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH); 861 memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH); 862 } 863 864 /*** SHA-256: *********************************************************/ 865 void 866 isc_sha256_init(isc_sha256_t *context) { 867 if (context == (isc_sha256_t *)0) { 868 return; 869 } 870 memmove(context->state, sha256_initial_hash_value, 871 ISC_SHA256_DIGESTLENGTH); 872 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH); 873 context->bitcount = 0; 874 } 875 876 void 877 isc_sha256_invalidate(isc_sha256_t *context) { 878 memset(context, 0, sizeof(isc_sha256_t)); 879 } 880 881 #ifdef ISC_SHA2_UNROLL_TRANSFORM 882 883 /* Unrolled SHA-256 round macros: */ 884 885 #if BYTE_ORDER == LITTLE_ENDIAN 886 887 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 888 REVERSE32(*data++, W256[j]); \ 889 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 890 K256[j] + W256[j]; \ 891 (d) += T1; \ 892 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 893 j++ 894 895 896 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 897 898 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 899 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 900 K256[j] + (W256[j] = *data++); \ 901 (d) += T1; \ 902 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 903 j++ 904 905 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 906 907 #define ROUND256(a,b,c,d,e,f,g,h) \ 908 s0 = W256[(j+1)&0x0f]; \ 909 s0 = sigma0_256(s0); \ 910 s1 = W256[(j+14)&0x0f]; \ 911 s1 = sigma1_256(s1); \ 912 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ 913 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ 914 (d) += T1; \ 915 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 916 j++ 917 918 void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { 919 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; 920 isc_uint32_t T1, *W256; 921 int j; 922 923 W256 = (isc_uint32_t*)context->buffer; 924 925 /* Initialize registers with the prev. intermediate value */ 926 a = context->state[0]; 927 b = context->state[1]; 928 c = context->state[2]; 929 d = context->state[3]; 930 e = context->state[4]; 931 f = context->state[5]; 932 g = context->state[6]; 933 h = context->state[7]; 934 935 j = 0; 936 do { 937 /* Rounds 0 to 15 (unrolled): */ 938 ROUND256_0_TO_15(a,b,c,d,e,f,g,h); 939 ROUND256_0_TO_15(h,a,b,c,d,e,f,g); 940 ROUND256_0_TO_15(g,h,a,b,c,d,e,f); 941 ROUND256_0_TO_15(f,g,h,a,b,c,d,e); 942 ROUND256_0_TO_15(e,f,g,h,a,b,c,d); 943 ROUND256_0_TO_15(d,e,f,g,h,a,b,c); 944 ROUND256_0_TO_15(c,d,e,f,g,h,a,b); 945 ROUND256_0_TO_15(b,c,d,e,f,g,h,a); 946 } while (j < 16); 947 948 /* Now for the remaining rounds to 64: */ 949 do { 950 ROUND256(a,b,c,d,e,f,g,h); 951 ROUND256(h,a,b,c,d,e,f,g); 952 ROUND256(g,h,a,b,c,d,e,f); 953 ROUND256(f,g,h,a,b,c,d,e); 954 ROUND256(e,f,g,h,a,b,c,d); 955 ROUND256(d,e,f,g,h,a,b,c); 956 ROUND256(c,d,e,f,g,h,a,b); 957 ROUND256(b,c,d,e,f,g,h,a); 958 } while (j < 64); 959 960 /* Compute the current intermediate hash value */ 961 context->state[0] += a; 962 context->state[1] += b; 963 context->state[2] += c; 964 context->state[3] += d; 965 context->state[4] += e; 966 context->state[5] += f; 967 context->state[6] += g; 968 context->state[7] += h; 969 970 /* Clean up */ 971 a = b = c = d = e = f = g = h = T1 = 0; 972 /* Avoid compiler warnings */ 973 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f); 974 POST(g); POST(h); POST(T1); 975 } 976 977 #else /* ISC_SHA2_UNROLL_TRANSFORM */ 978 979 void 980 isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) { 981 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1; 982 isc_uint32_t T1, T2, *W256; 983 int j; 984 985 W256 = (isc_uint32_t*)context->buffer; 986 987 /* Initialize registers with the prev. intermediate value */ 988 a = context->state[0]; 989 b = context->state[1]; 990 c = context->state[2]; 991 d = context->state[3]; 992 e = context->state[4]; 993 f = context->state[5]; 994 g = context->state[6]; 995 h = context->state[7]; 996 997 j = 0; 998 do { 999 #if BYTE_ORDER == LITTLE_ENDIAN 1000 /* Copy data while converting to host byte order */ 1001 REVERSE32(*data++,W256[j]); 1002 /* Apply the SHA-256 compression function to update a..h */ 1003 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; 1004 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 1005 /* Apply the SHA-256 compression function to update a..h with copy */ 1006 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); 1007 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 1008 T2 = Sigma0_256(a) + Maj(a, b, c); 1009 h = g; 1010 g = f; 1011 f = e; 1012 e = d + T1; 1013 d = c; 1014 c = b; 1015 b = a; 1016 a = T1 + T2; 1017 1018 j++; 1019 } while (j < 16); 1020 1021 do { 1022 /* Part of the message block expansion: */ 1023 s0 = W256[(j+1)&0x0f]; 1024 s0 = sigma0_256(s0); 1025 s1 = W256[(j+14)&0x0f]; 1026 s1 = sigma1_256(s1); 1027 1028 /* Apply the SHA-256 compression function to update a..h */ 1029 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 1030 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); 1031 T2 = Sigma0_256(a) + Maj(a, b, c); 1032 h = g; 1033 g = f; 1034 f = e; 1035 e = d + T1; 1036 d = c; 1037 c = b; 1038 b = a; 1039 a = T1 + T2; 1040 1041 j++; 1042 } while (j < 64); 1043 1044 /* Compute the current intermediate hash value */ 1045 context->state[0] += a; 1046 context->state[1] += b; 1047 context->state[2] += c; 1048 context->state[3] += d; 1049 context->state[4] += e; 1050 context->state[5] += f; 1051 context->state[6] += g; 1052 context->state[7] += h; 1053 1054 /* Clean up */ 1055 a = b = c = d = e = f = g = h = T1 = T2 = 0; 1056 /* Avoid compiler warnings */ 1057 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f); 1058 POST(g); POST(h); POST(T1); POST(T2); 1059 } 1060 1061 #endif /* ISC_SHA2_UNROLL_TRANSFORM */ 1062 1063 void 1064 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) { 1065 unsigned int freespace, usedspace; 1066 1067 if (len == 0U) { 1068 /* Calling with no data is valid - we do nothing */ 1069 return; 1070 } 1071 1072 /* Sanity check: */ 1073 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0); 1074 1075 usedspace = (unsigned int)((context->bitcount >> 3) % 1076 ISC_SHA256_BLOCK_LENGTH); 1077 if (usedspace > 0) { 1078 /* Calculate how much free space is available in the buffer */ 1079 freespace = ISC_SHA256_BLOCK_LENGTH - usedspace; 1080 1081 if (len >= freespace) { 1082 /* Fill the buffer completely and process it */ 1083 memmove(&context->buffer[usedspace], data, freespace); 1084 context->bitcount += freespace << 3; 1085 len -= freespace; 1086 data += freespace; 1087 isc_sha256_transform(context, 1088 (isc_uint32_t*)context->buffer); 1089 } else { 1090 /* The buffer is not yet full */ 1091 memmove(&context->buffer[usedspace], data, len); 1092 context->bitcount += len << 3; 1093 /* Clean up: */ 1094 usedspace = freespace = 0; 1095 /* Avoid compiler warnings: */ 1096 POST(usedspace); POST(freespace); 1097 return; 1098 } 1099 } 1100 while (len >= ISC_SHA256_BLOCK_LENGTH) { 1101 /* Process as many complete blocks as we can */ 1102 memmove(context->buffer, data, ISC_SHA256_BLOCK_LENGTH); 1103 isc_sha256_transform(context, (isc_uint32_t*)context->buffer); 1104 context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3; 1105 len -= ISC_SHA256_BLOCK_LENGTH; 1106 data += ISC_SHA256_BLOCK_LENGTH; 1107 } 1108 if (len > 0U) { 1109 /* There's left-overs, so save 'em */ 1110 memmove(context->buffer, data, len); 1111 context->bitcount += len << 3; 1112 } 1113 /* Clean up: */ 1114 usedspace = freespace = 0; 1115 /* Avoid compiler warnings: */ 1116 POST(usedspace); POST(freespace); 1117 } 1118 1119 void 1120 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) { 1121 isc_uint32_t *d = (isc_uint32_t*)digest; 1122 unsigned int usedspace; 1123 1124 /* Sanity check: */ 1125 REQUIRE(context != (isc_sha256_t *)0); 1126 1127 /* If no digest buffer is passed, we don't bother doing this: */ 1128 if (digest != (isc_uint8_t*)0) { 1129 usedspace = (unsigned int)((context->bitcount >> 3) % 1130 ISC_SHA256_BLOCK_LENGTH); 1131 #if BYTE_ORDER == LITTLE_ENDIAN 1132 /* Convert FROM host byte order */ 1133 REVERSE64(context->bitcount,context->bitcount); 1134 #endif 1135 if (usedspace > 0) { 1136 /* Begin padding with a 1 bit: */ 1137 context->buffer[usedspace++] = 0x80; 1138 1139 if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) { 1140 /* Set-up for the last transform: */ 1141 memset(&context->buffer[usedspace], 0, 1142 ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace); 1143 } else { 1144 if (usedspace < ISC_SHA256_BLOCK_LENGTH) { 1145 memset(&context->buffer[usedspace], 0, 1146 ISC_SHA256_BLOCK_LENGTH - 1147 usedspace); 1148 } 1149 /* Do second-to-last transform: */ 1150 isc_sha256_transform(context, 1151 (isc_uint32_t*)context->buffer); 1152 1153 /* And set-up for the last transform: */ 1154 memset(context->buffer, 0, 1155 ISC_SHA256_SHORT_BLOCK_LENGTH); 1156 } 1157 } else { 1158 /* Set-up for the last transform: */ 1159 memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH); 1160 1161 /* Begin padding with a 1 bit: */ 1162 *context->buffer = 0x80; 1163 } 1164 /* Set the bit count: */ 1165 memcpy(&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH], 1166 &context->bitcount, sizeof(isc_uint64_t)); 1167 1168 /* Final transform: */ 1169 isc_sha256_transform(context, (isc_uint32_t*)context->buffer); 1170 1171 #if BYTE_ORDER == LITTLE_ENDIAN 1172 { 1173 /* Convert TO host byte order */ 1174 int j; 1175 for (j = 0; j < 8; j++) { 1176 REVERSE32(context->state[j],context->state[j]); 1177 *d++ = context->state[j]; 1178 } 1179 } 1180 #else 1181 memmove(d, context->state, ISC_SHA256_DIGESTLENGTH); 1182 #endif 1183 } 1184 1185 /* Clean up state data: */ 1186 memset(context, 0, sizeof(*context)); 1187 usedspace = 0; 1188 POST(usedspace); 1189 } 1190 1191 /*** SHA-512: *********************************************************/ 1192 void 1193 isc_sha512_init(isc_sha512_t *context) { 1194 if (context == (isc_sha512_t *)0) { 1195 return; 1196 } 1197 memmove(context->state, sha512_initial_hash_value, 1198 ISC_SHA512_DIGESTLENGTH); 1199 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH); 1200 context->bitcount[0] = context->bitcount[1] = 0; 1201 } 1202 1203 void 1204 isc_sha512_invalidate(isc_sha512_t *context) { 1205 memset(context, 0, sizeof(isc_sha512_t)); 1206 } 1207 1208 #ifdef ISC_SHA2_UNROLL_TRANSFORM 1209 1210 /* Unrolled SHA-512 round macros: */ 1211 #if BYTE_ORDER == LITTLE_ENDIAN 1212 1213 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 1214 REVERSE64(*data++, W512[j]); \ 1215 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 1216 K512[j] + W512[j]; \ 1217 (d) += T1, \ 1218 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ 1219 j++ 1220 1221 1222 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 1223 1224 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 1225 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 1226 K512[j] + (W512[j] = *data++); \ 1227 (d) += T1; \ 1228 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 1229 j++ 1230 1231 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 1232 1233 #define ROUND512(a,b,c,d,e,f,g,h) \ 1234 s0 = W512[(j+1)&0x0f]; \ 1235 s0 = sigma0_512(s0); \ 1236 s1 = W512[(j+14)&0x0f]; \ 1237 s1 = sigma1_512(s1); \ 1238 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ 1239 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ 1240 (d) += T1; \ 1241 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 1242 j++ 1243 1244 void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { 1245 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; 1246 isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer; 1247 int j; 1248 1249 /* Initialize registers with the prev. intermediate value */ 1250 a = context->state[0]; 1251 b = context->state[1]; 1252 c = context->state[2]; 1253 d = context->state[3]; 1254 e = context->state[4]; 1255 f = context->state[5]; 1256 g = context->state[6]; 1257 h = context->state[7]; 1258 1259 j = 0; 1260 do { 1261 ROUND512_0_TO_15(a,b,c,d,e,f,g,h); 1262 ROUND512_0_TO_15(h,a,b,c,d,e,f,g); 1263 ROUND512_0_TO_15(g,h,a,b,c,d,e,f); 1264 ROUND512_0_TO_15(f,g,h,a,b,c,d,e); 1265 ROUND512_0_TO_15(e,f,g,h,a,b,c,d); 1266 ROUND512_0_TO_15(d,e,f,g,h,a,b,c); 1267 ROUND512_0_TO_15(c,d,e,f,g,h,a,b); 1268 ROUND512_0_TO_15(b,c,d,e,f,g,h,a); 1269 } while (j < 16); 1270 1271 /* Now for the remaining rounds up to 79: */ 1272 do { 1273 ROUND512(a,b,c,d,e,f,g,h); 1274 ROUND512(h,a,b,c,d,e,f,g); 1275 ROUND512(g,h,a,b,c,d,e,f); 1276 ROUND512(f,g,h,a,b,c,d,e); 1277 ROUND512(e,f,g,h,a,b,c,d); 1278 ROUND512(d,e,f,g,h,a,b,c); 1279 ROUND512(c,d,e,f,g,h,a,b); 1280 ROUND512(b,c,d,e,f,g,h,a); 1281 } while (j < 80); 1282 1283 /* Compute the current intermediate hash value */ 1284 context->state[0] += a; 1285 context->state[1] += b; 1286 context->state[2] += c; 1287 context->state[3] += d; 1288 context->state[4] += e; 1289 context->state[5] += f; 1290 context->state[6] += g; 1291 context->state[7] += h; 1292 1293 /* Clean up */ 1294 a = b = c = d = e = f = g = h = T1 = 0; 1295 /* Avoid compiler warnings */ 1296 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f); 1297 POST(g); POST(h); POST(T1); 1298 } 1299 1300 #else /* ISC_SHA2_UNROLL_TRANSFORM */ 1301 1302 void 1303 isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) { 1304 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1; 1305 isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer; 1306 int j; 1307 1308 /* Initialize registers with the prev. intermediate value */ 1309 a = context->state[0]; 1310 b = context->state[1]; 1311 c = context->state[2]; 1312 d = context->state[3]; 1313 e = context->state[4]; 1314 f = context->state[5]; 1315 g = context->state[6]; 1316 h = context->state[7]; 1317 1318 j = 0; 1319 do { 1320 #if BYTE_ORDER == LITTLE_ENDIAN 1321 /* Convert TO host byte order */ 1322 REVERSE64(*data++, W512[j]); 1323 /* Apply the SHA-512 compression function to update a..h */ 1324 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; 1325 #else /* BYTE_ORDER == LITTLE_ENDIAN */ 1326 /* Apply the SHA-512 compression function to update a..h with copy */ 1327 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); 1328 #endif /* BYTE_ORDER == LITTLE_ENDIAN */ 1329 T2 = Sigma0_512(a) + Maj(a, b, c); 1330 h = g; 1331 g = f; 1332 f = e; 1333 e = d + T1; 1334 d = c; 1335 c = b; 1336 b = a; 1337 a = T1 + T2; 1338 1339 j++; 1340 } while (j < 16); 1341 1342 do { 1343 /* Part of the message block expansion: */ 1344 s0 = W512[(j+1)&0x0f]; 1345 s0 = sigma0_512(s0); 1346 s1 = W512[(j+14)&0x0f]; 1347 s1 = sigma1_512(s1); 1348 1349 /* Apply the SHA-512 compression function to update a..h */ 1350 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + 1351 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); 1352 T2 = Sigma0_512(a) + Maj(a, b, c); 1353 h = g; 1354 g = f; 1355 f = e; 1356 e = d + T1; 1357 d = c; 1358 c = b; 1359 b = a; 1360 a = T1 + T2; 1361 1362 j++; 1363 } while (j < 80); 1364 1365 /* Compute the current intermediate hash value */ 1366 context->state[0] += a; 1367 context->state[1] += b; 1368 context->state[2] += c; 1369 context->state[3] += d; 1370 context->state[4] += e; 1371 context->state[5] += f; 1372 context->state[6] += g; 1373 context->state[7] += h; 1374 1375 /* Clean up */ 1376 a = b = c = d = e = f = g = h = T1 = T2 = 0; 1377 /* Avoid compiler warnings */ 1378 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f); 1379 POST(g); POST(h); POST(T1); POST(T2); 1380 } 1381 1382 #endif /* ISC_SHA2_UNROLL_TRANSFORM */ 1383 1384 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) { 1385 unsigned int freespace, usedspace; 1386 1387 if (len == 0U) { 1388 /* Calling with no data is valid - we do nothing */ 1389 return; 1390 } 1391 1392 /* Sanity check: */ 1393 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0); 1394 1395 usedspace = (unsigned int)((context->bitcount[0] >> 3) % 1396 ISC_SHA512_BLOCK_LENGTH); 1397 if (usedspace > 0) { 1398 /* Calculate how much free space is available in the buffer */ 1399 freespace = ISC_SHA512_BLOCK_LENGTH - usedspace; 1400 1401 if (len >= freespace) { 1402 /* Fill the buffer completely and process it */ 1403 memmove(&context->buffer[usedspace], data, freespace); 1404 ADDINC128(context->bitcount, freespace << 3); 1405 len -= freespace; 1406 data += freespace; 1407 isc_sha512_transform(context, 1408 (isc_uint64_t*)context->buffer); 1409 } else { 1410 /* The buffer is not yet full */ 1411 memmove(&context->buffer[usedspace], data, len); 1412 ADDINC128(context->bitcount, len << 3); 1413 /* Clean up: */ 1414 usedspace = freespace = 0; 1415 /* Avoid compiler warnings: */ 1416 POST(usedspace); POST(freespace); 1417 return; 1418 } 1419 } 1420 while (len >= ISC_SHA512_BLOCK_LENGTH) { 1421 /* Process as many complete blocks as we can */ 1422 memmove(context->buffer, data, ISC_SHA512_BLOCK_LENGTH); 1423 isc_sha512_transform(context, (isc_uint64_t*)context->buffer); 1424 ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3); 1425 len -= ISC_SHA512_BLOCK_LENGTH; 1426 data += ISC_SHA512_BLOCK_LENGTH; 1427 } 1428 if (len > 0U) { 1429 /* There's left-overs, so save 'em */ 1430 memmove(context->buffer, data, len); 1431 ADDINC128(context->bitcount, len << 3); 1432 } 1433 /* Clean up: */ 1434 usedspace = freespace = 0; 1435 /* Avoid compiler warnings: */ 1436 POST(usedspace); POST(freespace); 1437 } 1438 1439 void isc_sha512_last(isc_sha512_t *context) { 1440 unsigned int usedspace; 1441 1442 usedspace = (unsigned int)((context->bitcount[0] >> 3) % 1443 ISC_SHA512_BLOCK_LENGTH); 1444 #if BYTE_ORDER == LITTLE_ENDIAN 1445 /* Convert FROM host byte order */ 1446 REVERSE64(context->bitcount[0],context->bitcount[0]); 1447 REVERSE64(context->bitcount[1],context->bitcount[1]); 1448 #endif 1449 if (usedspace > 0) { 1450 /* Begin padding with a 1 bit: */ 1451 context->buffer[usedspace++] = 0x80; 1452 1453 if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) { 1454 /* Set-up for the last transform: */ 1455 memset(&context->buffer[usedspace], 0, 1456 ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace); 1457 } else { 1458 if (usedspace < ISC_SHA512_BLOCK_LENGTH) { 1459 memset(&context->buffer[usedspace], 0, 1460 ISC_SHA512_BLOCK_LENGTH - usedspace); 1461 } 1462 /* Do second-to-last transform: */ 1463 isc_sha512_transform(context, 1464 (isc_uint64_t*)context->buffer); 1465 1466 /* And set-up for the last transform: */ 1467 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2); 1468 } 1469 } else { 1470 /* Prepare for final transform: */ 1471 memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH); 1472 1473 /* Begin padding with a 1 bit: */ 1474 *context->buffer = 0x80; 1475 } 1476 /* Store the length of input data (in bits): */ 1477 memcpy(&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8], 1478 &context->bitcount[0], sizeof(isc_uint64_t)); 1479 1480 /* Final transform: */ 1481 isc_sha512_transform(context, (isc_uint64_t*)context->buffer); 1482 } 1483 1484 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) { 1485 isc_uint64_t *d = (isc_uint64_t*)digest; 1486 1487 /* Sanity check: */ 1488 REQUIRE(context != (isc_sha512_t *)0); 1489 1490 /* If no digest buffer is passed, we don't bother doing this: */ 1491 if (digest != (isc_uint8_t*)0) { 1492 isc_sha512_last(context); 1493 1494 /* Save the hash data for output: */ 1495 #if BYTE_ORDER == LITTLE_ENDIAN 1496 { 1497 /* Convert TO host byte order */ 1498 int j; 1499 for (j = 0; j < 8; j++) { 1500 REVERSE64(context->state[j],context->state[j]); 1501 *d++ = context->state[j]; 1502 } 1503 } 1504 #else 1505 memmove(d, context->state, ISC_SHA512_DIGESTLENGTH); 1506 #endif 1507 } 1508 1509 /* Zero out state data */ 1510 memset(context, 0, sizeof(*context)); 1511 } 1512 1513 1514 /*** SHA-384: *********************************************************/ 1515 void 1516 isc_sha384_init(isc_sha384_t *context) { 1517 if (context == (isc_sha384_t *)0) { 1518 return; 1519 } 1520 memmove(context->state, sha384_initial_hash_value, 1521 ISC_SHA512_DIGESTLENGTH); 1522 memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH); 1523 context->bitcount[0] = context->bitcount[1] = 0; 1524 } 1525 1526 void 1527 isc_sha384_invalidate(isc_sha384_t *context) { 1528 memset(context, 0, sizeof(isc_sha384_t)); 1529 } 1530 1531 void 1532 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) { 1533 isc_sha512_update((isc_sha512_t *)context, data, len); 1534 } 1535 1536 void 1537 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) { 1538 isc_uint64_t *d = (isc_uint64_t*)digest; 1539 1540 /* Sanity check: */ 1541 REQUIRE(context != (isc_sha384_t *)0); 1542 1543 /* If no digest buffer is passed, we don't bother doing this: */ 1544 if (digest != (isc_uint8_t*)0) { 1545 isc_sha512_last((isc_sha512_t *)context); 1546 1547 /* Save the hash data for output: */ 1548 #if BYTE_ORDER == LITTLE_ENDIAN 1549 { 1550 /* Convert TO host byte order */ 1551 int j; 1552 for (j = 0; j < 6; j++) { 1553 REVERSE64(context->state[j],context->state[j]); 1554 *d++ = context->state[j]; 1555 } 1556 } 1557 #else 1558 memmove(d, context->state, ISC_SHA384_DIGESTLENGTH); 1559 #endif 1560 } 1561 1562 /* Zero out state data */ 1563 memset(context, 0, sizeof(*context)); 1564 } 1565 #endif /* !ISC_PLATFORM_OPENSSLHASH */ 1566 1567 /* 1568 * Constant used by SHA256/384/512_End() functions for converting the 1569 * digest to a readable hexadecimal character string: 1570 */ 1571 static const char *sha2_hex_digits = "0123456789abcdef"; 1572 1573 char * 1574 isc_sha224_end(isc_sha224_t *context, char buffer[]) { 1575 isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest; 1576 unsigned int i; 1577 1578 /* Sanity check: */ 1579 REQUIRE(context != (isc_sha224_t *)0); 1580 1581 if (buffer != (char*)0) { 1582 isc_sha224_final(digest, context); 1583 1584 for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) { 1585 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1586 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1587 d++; 1588 } 1589 *buffer = (char)0; 1590 } else { 1591 #ifdef ISC_PLATFORM_OPENSSLHASH 1592 EVP_MD_CTX_cleanup(context); 1593 #elif PKCS11CRYPTO 1594 pk11_return_session(context); 1595 #else 1596 memset(context, 0, sizeof(*context)); 1597 #endif 1598 } 1599 memset(digest, 0, ISC_SHA224_DIGESTLENGTH); 1600 return buffer; 1601 } 1602 1603 char * 1604 isc_sha224_data(const isc_uint8_t *data, size_t len, 1605 char digest[ISC_SHA224_DIGESTSTRINGLENGTH]) 1606 { 1607 isc_sha224_t context; 1608 1609 isc_sha224_init(&context); 1610 isc_sha224_update(&context, data, len); 1611 return (isc_sha224_end(&context, digest)); 1612 } 1613 1614 char * 1615 isc_sha256_end(isc_sha256_t *context, char buffer[]) { 1616 isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest; 1617 unsigned int i; 1618 1619 /* Sanity check: */ 1620 REQUIRE(context != (isc_sha256_t *)0); 1621 1622 if (buffer != (char*)0) { 1623 isc_sha256_final(digest, context); 1624 1625 for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) { 1626 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1627 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1628 d++; 1629 } 1630 *buffer = (char)0; 1631 } else { 1632 #ifdef ISC_PLATFORM_OPENSSLHASH 1633 EVP_MD_CTX_cleanup(context); 1634 #elif PKCS11CRYPTO 1635 pk11_return_session(context); 1636 #else 1637 memset(context, 0, sizeof(*context)); 1638 #endif 1639 } 1640 memset(digest, 0, ISC_SHA256_DIGESTLENGTH); 1641 return buffer; 1642 } 1643 1644 char * 1645 isc_sha256_data(const isc_uint8_t* data, size_t len, 1646 char digest[ISC_SHA256_DIGESTSTRINGLENGTH]) 1647 { 1648 isc_sha256_t context; 1649 1650 isc_sha256_init(&context); 1651 isc_sha256_update(&context, data, len); 1652 return (isc_sha256_end(&context, digest)); 1653 } 1654 1655 char * 1656 isc_sha512_end(isc_sha512_t *context, char buffer[]) { 1657 isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest; 1658 unsigned int i; 1659 1660 /* Sanity check: */ 1661 REQUIRE(context != (isc_sha512_t *)0); 1662 1663 if (buffer != (char*)0) { 1664 isc_sha512_final(digest, context); 1665 1666 for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) { 1667 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1668 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1669 d++; 1670 } 1671 *buffer = (char)0; 1672 } else { 1673 #ifdef ISC_PLATFORM_OPENSSLHASH 1674 EVP_MD_CTX_cleanup(context); 1675 #elif PKCS11CRYPTO 1676 pk11_return_session(context); 1677 #else 1678 memset(context, 0, sizeof(*context)); 1679 #endif 1680 } 1681 memset(digest, 0, ISC_SHA512_DIGESTLENGTH); 1682 return buffer; 1683 } 1684 1685 char * 1686 isc_sha512_data(const isc_uint8_t *data, size_t len, 1687 char digest[ISC_SHA512_DIGESTSTRINGLENGTH]) 1688 { 1689 isc_sha512_t context; 1690 1691 isc_sha512_init(&context); 1692 isc_sha512_update(&context, data, len); 1693 return (isc_sha512_end(&context, digest)); 1694 } 1695 1696 char * 1697 isc_sha384_end(isc_sha384_t *context, char buffer[]) { 1698 isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest; 1699 unsigned int i; 1700 1701 /* Sanity check: */ 1702 REQUIRE(context != (isc_sha384_t *)0); 1703 1704 if (buffer != (char*)0) { 1705 isc_sha384_final(digest, context); 1706 1707 for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) { 1708 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 1709 *buffer++ = sha2_hex_digits[*d & 0x0f]; 1710 d++; 1711 } 1712 *buffer = (char)0; 1713 } else { 1714 #ifdef ISC_PLATFORM_OPENSSLHASH 1715 EVP_MD_CTX_cleanup(context); 1716 #elif PKCS11CRYPTO 1717 pk11_return_session(context); 1718 #else 1719 memset(context, 0, sizeof(*context)); 1720 #endif 1721 } 1722 memset(digest, 0, ISC_SHA384_DIGESTLENGTH); 1723 return buffer; 1724 } 1725 1726 char * 1727 isc_sha384_data(const isc_uint8_t *data, size_t len, 1728 char digest[ISC_SHA384_DIGESTSTRINGLENGTH]) 1729 { 1730 isc_sha384_t context; 1731 1732 isc_sha384_init(&context); 1733 isc_sha384_update(&context, data, len); 1734 return (isc_sha384_end(&context, digest)); 1735 } 1736