You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1091 lines
32 KiB

  1. /*
  2. * FILE: sha2.c
  3. * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/
  4. *
  5. * Copyright (c) 2000-2001, Aaron D. Gifford
  6. * All rights reserved.
  7. *
  8. * Redistribution and use in source and binary forms, with or without
  9. * modification, are permitted provided that the following conditions
  10. * are met:
  11. * 1. Redistributions of source code must retain the above copyright
  12. * notice, this list of conditions and the following disclaimer.
  13. * 2. Redistributions in binary form must reproduce the above copyright
  14. * notice, this list of conditions and the following disclaimer in the
  15. * documentation and/or other materials provided with the distribution.
  16. * 3. Neither the name of the copyright holder nor the names of contributors
  17. * may be used to endorse or promote products derived from this software
  18. * without specific prior written permission.
  19. *
  20. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND
  21. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE
  24. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30. * SUCH DAMAGE.
  31. *
  32. * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $
  33. */
  34. #include <config.h>
  35. #include <endian.h>
  36. #include <string.h> /* memcpy()/memset() or bcopy()/bzero() */
  37. #include <assert.h> /* assert() */
  38. #include "sha2_internal.h"
  39. /*
  40. * ASSERT NOTE:
  41. * Some sanity checking code is included using assert(). On my FreeBSD
  42. * system, this additional code can be removed by compiling with NDEBUG
  43. * defined. Check your own systems manpage on assert() to see how to
  44. * compile WITHOUT the sanity checking code on your system.
  45. *
  46. * UNROLLED TRANSFORM LOOP NOTE:
  47. * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
  48. * loop version for the hash transform rounds (defined using macros
  49. * later in this file). Either define on the command line, for example:
  50. *
  51. * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
  52. *
  53. * or define below:
  54. *
  55. * #define SHA2_UNROLL_TRANSFORM
  56. *
  57. */
  58. /*** SHA-256/384/512 Machine Architecture Definitions *****************/
  59. /*
  60. * BYTE_ORDER NOTE:
  61. *
  62. * Please make sure that your system defines BYTE_ORDER. If your
  63. * architecture is little-endian, make sure it also defines
  64. * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
  65. * equivalent.
  66. *
  67. * If your system does not define the above, then you can do so by
  68. * hand like this:
  69. *
  70. * #define LITTLE_ENDIAN 1234
  71. * #define BIG_ENDIAN 4321
  72. *
  73. * And for little-endian machines, add:
  74. *
  75. * #define BYTE_ORDER LITTLE_ENDIAN
  76. *
  77. * Or for big-endian machines:
  78. *
  79. * #define BYTE_ORDER BIG_ENDIAN
  80. *
  81. * The FreeBSD machine this was written on defines BYTE_ORDER
  82. * appropriately by including <sys/types.h> (which in turn includes
  83. * <machine/endian.h> where the appropriate definitions are actually
  84. * made).
  85. */
  86. #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
  87. #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
  88. #endif
  89. /*
  90. * Define the followingsha2_* types to types of the correct length on
  91. * the native architecture. Most BSD systems and Linux define u_intXX_t
  92. * types. Machines with very recent ANSI C headers, can use the
  93. * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H
  94. * during compile or in the sha.h header file.
  95. *
  96. * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t
  97. * will need to define these three typedefs below (and the appropriate
  98. * ones in sha.h too) by hand according to their system architecture.
  99. *
  100. * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t
  101. * types and pointing out recent ANSI C support for uintXX_t in inttypes.h.
  102. */
  103. #ifdef SHA2_USE_INTTYPES_H
  104. typedef uint8_t sha2_byte; /* Exactly 1 byte */
  105. typedef uint32_t sha2_word32; /* Exactly 4 bytes */
  106. typedef uint64_t sha2_word64; /* Exactly 8 bytes */
  107. #else /* SHA2_USE_INTTYPES_H */
  108. typedef u_int8_t sha2_byte; /* Exactly 1 byte */
  109. typedef u_int32_t sha2_word32; /* Exactly 4 bytes */
  110. typedef u_int64_t sha2_word64; /* Exactly 8 bytes */
  111. #endif /* SHA2_USE_INTTYPES_H */
  112. /*** SHA-256/384/512 Various Length Definitions ***********************/
  113. /* NOTE: Most of these are in sha2.h */
  114. #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
  115. #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
  116. #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
  117. /*** ENDIAN REVERSAL MACROS *******************************************/
  118. #if BYTE_ORDER == LITTLE_ENDIAN
  119. #if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
  120. #define REVERSE32(w,x) { \
  121. (x) = __builtin_bswap32(w); \
  122. }
  123. #define REVERSE64(w,x) { \
  124. (x) = __builtin_bswap64(w); \
  125. }
  126. #else
  127. #define REVERSE32(w,x) { \
  128. sha2_word32 tmp = (w); \
  129. tmp = (tmp >> 16) | (tmp << 16); \
  130. (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
  131. }
  132. #define REVERSE64(w,x) { \
  133. sha2_word64 tmp = (w); \
  134. tmp = (tmp >> 32) | (tmp << 32); \
  135. tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
  136. ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
  137. (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
  138. ((tmp & 0x0000ffff0000ffffULL) << 16); \
  139. }
  140. #endif
  141. #endif /* BYTE_ORDER == LITTLE_ENDIAN */
  142. /*
  143. * Macro for incrementally adding the unsigned 64-bit integer n to the
  144. * unsigned 128-bit integer (represented using a two-element array of
  145. * 64-bit words):
  146. */
  147. #define ADDINC128(w,n) { \
  148. (w)[0] += (sha2_word64)(n); \
  149. if ((w)[0] < (n)) { \
  150. (w)[1]++; \
  151. } \
  152. }
  153. /*
  154. * Macros for copying blocks of memory and for zeroing out ranges
  155. * of memory. Using these macros makes it easy to switch from
  156. * using memset()/memcpy() and using bzero()/bcopy().
  157. *
  158. * Please define either SHA2_USE_MEMSET_MEMCPY or define
  159. * SHA2_USE_BZERO_BCOPY depending on which function set you
  160. * choose to use:
  161. */
  162. #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
  163. /* Default to memset()/memcpy() if no option is specified */
  164. #define SHA2_USE_MEMSET_MEMCPY 1
  165. #endif
  166. #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
  167. /* Abort with an error if BOTH options are defined */
  168. #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
  169. #endif
  170. #ifdef SHA2_USE_MEMSET_MEMCPY
  171. #define MEMSET_BZERO(p,l) memset((p), 0, (l))
  172. #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
  173. #endif
  174. #ifdef SHA2_USE_BZERO_BCOPY
  175. #define MEMSET_BZERO(p,l) bzero((p), (l))
  176. #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
  177. #endif
  178. /*** THE SIX LOGICAL FUNCTIONS ****************************************/
  179. /*
  180. * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
  181. *
  182. * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
  183. * S is a ROTATION) because the SHA-256/384/512 description document
  184. * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
  185. * same "backwards" definition.
  186. */
  187. /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
  188. #define R(b,x) ((x) >> (b))
  189. /* 32-bit Rotate-right (used in SHA-256): */
  190. #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
  191. /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
  192. #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
  193. /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
  194. #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
  195. #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
  196. /* Four of six logical functions used in SHA-256: */
  197. #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
  198. #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
  199. #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
  200. #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
  201. /* Four of six logical functions used in SHA-384 and SHA-512: */
  202. #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
  203. #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
  204. #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
  205. #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
  206. /*** INTERNAL FUNCTION PROTOTYPES *************************************/
  207. /* NOTE: These should not be accessed directly from outside this
  208. * library -- they are intended for private internal visibility/use
  209. * only.
  210. */
  211. static void SHA512_Last(SHA512_CTX*);
  212. static void SHA256_Transform(SHA256_CTX*, const sha2_word32*);
  213. static void SHA512_Transform(SHA512_CTX*, const sha2_word64*);
  214. /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
  215. /* Hash constant words K for SHA-256: */
  216. const static sha2_word32 K256[64] = {
  217. 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
  218. 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
  219. 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
  220. 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
  221. 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
  222. 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
  223. 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
  224. 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
  225. 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
  226. 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
  227. 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
  228. 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
  229. 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
  230. 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
  231. 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
  232. 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
  233. };
  234. /* Initial hash value H for SHA-256: */
  235. const static sha2_word32 sha256_initial_hash_value[8] = {
  236. 0x6a09e667UL,
  237. 0xbb67ae85UL,
  238. 0x3c6ef372UL,
  239. 0xa54ff53aUL,
  240. 0x510e527fUL,
  241. 0x9b05688cUL,
  242. 0x1f83d9abUL,
  243. 0x5be0cd19UL
  244. };
  245. /* Hash constant words K for SHA-384 and SHA-512: */
  246. const static sha2_word64 K512[80] = {
  247. 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
  248. 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
  249. 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
  250. 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
  251. 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
  252. 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
  253. 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
  254. 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
  255. 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
  256. 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
  257. 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
  258. 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
  259. 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
  260. 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
  261. 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
  262. 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
  263. 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
  264. 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
  265. 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
  266. 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
  267. 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
  268. 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
  269. 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
  270. 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
  271. 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
  272. 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
  273. 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
  274. 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
  275. 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
  276. 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
  277. 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
  278. 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
  279. 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
  280. 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
  281. 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
  282. 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
  283. 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
  284. 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
  285. 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
  286. 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
  287. };
  288. /* Initial hash value H for SHA-384 */
  289. const static sha2_word64 sha384_initial_hash_value[8] = {
  290. 0xcbbb9d5dc1059ed8ULL,
  291. 0x629a292a367cd507ULL,
  292. 0x9159015a3070dd17ULL,
  293. 0x152fecd8f70e5939ULL,
  294. 0x67332667ffc00b31ULL,
  295. 0x8eb44a8768581511ULL,
  296. 0xdb0c2e0d64f98fa7ULL,
  297. 0x47b5481dbefa4fa4ULL
  298. };
  299. /* Initial hash value H for SHA-512 */
  300. const static sha2_word64 sha512_initial_hash_value[8] = {
  301. 0x6a09e667f3bcc908ULL,
  302. 0xbb67ae8584caa73bULL,
  303. 0x3c6ef372fe94f82bULL,
  304. 0xa54ff53a5f1d36f1ULL,
  305. 0x510e527fade682d1ULL,
  306. 0x9b05688c2b3e6c1fULL,
  307. 0x1f83d9abfb41bd6bULL,
  308. 0x5be0cd19137e2179ULL
  309. };
  310. /*
  311. * Constant used by SHA256/384/512_End() functions for converting the
  312. * digest to a readable hexadecimal character string:
  313. */
  314. static const char *sha2_hex_digits = "0123456789abcdef";
  315. /*** SHA-256: *********************************************************/
  316. void SHA256_Init(SHA256_CTX* context) {
  317. if (context == (SHA256_CTX*)0) {
  318. return;
  319. }
  320. MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
  321. MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
  322. context->bitcount = 0;
  323. }
  324. #ifdef SHA2_UNROLL_TRANSFORM
  325. /* Unrolled SHA-256 round macros: */
  326. #if BYTE_ORDER == LITTLE_ENDIAN
  327. #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
  328. REVERSE32(*data++, W256[j]); \
  329. T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
  330. K256[j] + W256[j]; \
  331. (d) += T1; \
  332. (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
  333. j++
  334. #else /* BYTE_ORDER == LITTLE_ENDIAN */
  335. #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
  336. T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
  337. K256[j] + (W256[j] = *data++); \
  338. (d) += T1; \
  339. (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
  340. j++
  341. #endif /* BYTE_ORDER == LITTLE_ENDIAN */
  342. #define ROUND256(a,b,c,d,e,f,g,h) \
  343. s0 = W256[(j+1)&0x0f]; \
  344. s0 = sigma0_256(s0); \
  345. s1 = W256[(j+14)&0x0f]; \
  346. s1 = sigma1_256(s1); \
  347. T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
  348. (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
  349. (d) += T1; \
  350. (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
  351. j++
  352. static void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
  353. sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
  354. sha2_word32 T1, *W256;
  355. int j;
  356. W256 = (sha2_word32*)context->buffer;
  357. /* Initialize registers with the prev. intermediate value */
  358. a = context->state[0];
  359. b = context->state[1];
  360. c = context->state[2];
  361. d = context->state[3];
  362. e = context->state[4];
  363. f = context->state[5];
  364. g = context->state[6];
  365. h = context->state[7];
  366. j = 0;
  367. do {
  368. /* Rounds 0 to 15 (unrolled): */
  369. ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
  370. ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
  371. ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
  372. ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
  373. ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
  374. ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
  375. ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
  376. ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
  377. } while (j < 16);
  378. /* Now for the remaining rounds to 64: */
  379. do {
  380. ROUND256(a,b,c,d,e,f,g,h);
  381. ROUND256(h,a,b,c,d,e,f,g);
  382. ROUND256(g,h,a,b,c,d,e,f);
  383. ROUND256(f,g,h,a,b,c,d,e);
  384. ROUND256(e,f,g,h,a,b,c,d);
  385. ROUND256(d,e,f,g,h,a,b,c);
  386. ROUND256(c,d,e,f,g,h,a,b);
  387. ROUND256(b,c,d,e,f,g,h,a);
  388. } while (j < 64);
  389. /* Compute the current intermediate hash value */
  390. context->state[0] += a;
  391. context->state[1] += b;
  392. context->state[2] += c;
  393. context->state[3] += d;
  394. context->state[4] += e;
  395. context->state[5] += f;
  396. context->state[6] += g;
  397. context->state[7] += h;
  398. /* Clean up */
  399. a = b = c = d = e = f = g = h = T1 = 0;
  400. }
  401. #else /* SHA2_UNROLL_TRANSFORM */
  402. static void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) {
  403. sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
  404. sha2_word32 T1, T2, *W256;
  405. int j;
  406. W256 = (sha2_word32*)context->buffer;
  407. /* Initialize registers with the prev. intermediate value */
  408. a = context->state[0];
  409. b = context->state[1];
  410. c = context->state[2];
  411. d = context->state[3];
  412. e = context->state[4];
  413. f = context->state[5];
  414. g = context->state[6];
  415. h = context->state[7];
  416. j = 0;
  417. do {
  418. #if BYTE_ORDER == LITTLE_ENDIAN
  419. /* Copy data while converting to host byte order */
  420. REVERSE32(*data++,W256[j]);
  421. /* Apply the SHA-256 compression function to update a..h */
  422. T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
  423. #else /* BYTE_ORDER == LITTLE_ENDIAN */
  424. /* Apply the SHA-256 compression function to update a..h with copy */
  425. T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
  426. #endif /* BYTE_ORDER == LITTLE_ENDIAN */
  427. T2 = Sigma0_256(a) + Maj(a, b, c);
  428. h = g;
  429. g = f;
  430. f = e;
  431. e = d + T1;
  432. d = c;
  433. c = b;
  434. b = a;
  435. a = T1 + T2;
  436. j++;
  437. } while (j < 16);
  438. do {
  439. /* Part of the message block expansion: */
  440. s0 = W256[(j+1)&0x0f];
  441. s0 = sigma0_256(s0);
  442. s1 = W256[(j+14)&0x0f];
  443. s1 = sigma1_256(s1);
  444. /* Apply the SHA-256 compression function to update a..h */
  445. T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
  446. (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
  447. T2 = Sigma0_256(a) + Maj(a, b, c);
  448. h = g;
  449. g = f;
  450. f = e;
  451. e = d + T1;
  452. d = c;
  453. c = b;
  454. b = a;
  455. a = T1 + T2;
  456. j++;
  457. } while (j < 64);
  458. /* Compute the current intermediate hash value */
  459. context->state[0] += a;
  460. context->state[1] += b;
  461. context->state[2] += c;
  462. context->state[3] += d;
  463. context->state[4] += e;
  464. context->state[5] += f;
  465. context->state[6] += g;
  466. context->state[7] += h;
  467. /* Clean up */
  468. a = b = c = d = e = f = g = h = T1 = T2 = 0;
  469. }
  470. #endif /* SHA2_UNROLL_TRANSFORM */
  471. void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
  472. unsigned int freespace, usedspace;
  473. if (len == 0) {
  474. /* Calling with no data is valid - we do nothing */
  475. return;
  476. }
  477. /* Sanity check: */
  478. assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0);
  479. usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
  480. if (usedspace > 0) {
  481. /* Calculate how much free space is available in the buffer */
  482. freespace = SHA256_BLOCK_LENGTH - usedspace;
  483. if (len >= freespace) {
  484. /* Fill the buffer completely and process it */
  485. MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
  486. context->bitcount += freespace << 3;
  487. len -= freespace;
  488. data += freespace;
  489. SHA256_Transform(context, (sha2_word32*)context->buffer);
  490. } else {
  491. /* The buffer is not yet full */
  492. MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
  493. context->bitcount += len << 3;
  494. /* Clean up: */
  495. usedspace = freespace = 0;
  496. return;
  497. }
  498. }
  499. while (len >= SHA256_BLOCK_LENGTH) {
  500. /* Process as many complete blocks as we can */
  501. sha2_byte buffer[SHA256_BLOCK_LENGTH];
  502. MEMCPY_BCOPY(buffer, data, SHA256_BLOCK_LENGTH);
  503. SHA256_Transform(context, (sha2_word32*)buffer);
  504. context->bitcount += SHA256_BLOCK_LENGTH << 3;
  505. len -= SHA256_BLOCK_LENGTH;
  506. data += SHA256_BLOCK_LENGTH;
  507. }
  508. if (len > 0) {
  509. /* There's left-overs, so save 'em */
  510. MEMCPY_BCOPY(context->buffer, data, len);
  511. context->bitcount += len << 3;
  512. }
  513. /* Clean up: */
  514. usedspace = freespace = 0;
  515. }
  516. void SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
  517. sha2_word32 *d = (sha2_word32*)digest;
  518. unsigned int usedspace;
  519. /* Sanity check: */
  520. assert(context != (SHA256_CTX*)0);
  521. /* If no digest buffer is passed, we don't bother doing this: */
  522. if (digest != (sha2_byte*)0) {
  523. usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
  524. #if BYTE_ORDER == LITTLE_ENDIAN
  525. /* Convert FROM host byte order */
  526. REVERSE64(context->bitcount,context->bitcount);
  527. #endif
  528. if (usedspace > 0) {
  529. /* Begin padding with a 1 bit: */
  530. context->buffer[usedspace++] = 0x80;
  531. if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
  532. /* Set-up for the last transform: */
  533. MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
  534. } else {
  535. if (usedspace < SHA256_BLOCK_LENGTH) {
  536. MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
  537. }
  538. /* Do second-to-last transform: */
  539. SHA256_Transform(context, (sha2_word32*)context->buffer);
  540. /* And set-up for the last transform: */
  541. MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
  542. }
  543. } else {
  544. /* Set-up for the last transform: */
  545. MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
  546. /* Begin padding with a 1 bit: */
  547. *context->buffer = 0x80;
  548. }
  549. /* Set the bit count: */
  550. union {
  551. sha2_byte* c;
  552. sha2_word64* l;
  553. } bitcount;
  554. bitcount.c = &context->buffer[SHA256_SHORT_BLOCK_LENGTH];
  555. *(bitcount.l) = context->bitcount;
  556. /* Final transform: */
  557. SHA256_Transform(context, (sha2_word32*)context->buffer);
  558. #if BYTE_ORDER == LITTLE_ENDIAN
  559. {
  560. /* Convert TO host byte order */
  561. int j;
  562. for (j = 0; j < 8; j++) {
  563. REVERSE32(context->state[j],context->state[j]);
  564. *d++ = context->state[j];
  565. }
  566. }
  567. #else
  568. MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH);
  569. #endif
  570. }
  571. /* Clean up state data: */
  572. MEMSET_BZERO(context, sizeof(*context));
  573. usedspace = 0;
  574. }
  575. char *SHA256_End(SHA256_CTX* context, char buffer[]) {
  576. sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest;
  577. int i;
  578. /* Sanity check: */
  579. assert(context != (SHA256_CTX*)0);
  580. if (buffer != (char*)0) {
  581. SHA256_Final(digest, context);
  582. for (i = 0; i < SHA256_DIGEST_LENGTH; i++) {
  583. *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
  584. *buffer++ = sha2_hex_digits[*d & 0x0f];
  585. d++;
  586. }
  587. *buffer = (char)0;
  588. } else {
  589. MEMSET_BZERO(context, sizeof(*context));
  590. }
  591. MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH);
  592. return buffer;
  593. }
  594. char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
  595. SHA256_CTX context;
  596. SHA256_Init(&context);
  597. SHA256_Update(&context, data, len);
  598. return SHA256_End(&context, digest);
  599. }
  600. /*** SHA-512: *********************************************************/
  601. void SHA512_Init(SHA512_CTX* context) {
  602. if (context == (SHA512_CTX*)0) {
  603. return;
  604. }
  605. MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
  606. MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
  607. context->bitcount[0] = context->bitcount[1] = 0;
  608. }
  609. #ifdef SHA2_UNROLL_TRANSFORM
  610. /* Unrolled SHA-512 round macros: */
  611. #if BYTE_ORDER == LITTLE_ENDIAN
  612. #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
  613. REVERSE64(*data++, W512[j]); \
  614. T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
  615. K512[j] + W512[j]; \
  616. (d) += T1, \
  617. (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
  618. j++
  619. #else /* BYTE_ORDER == LITTLE_ENDIAN */
  620. #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
  621. T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
  622. K512[j] + (W512[j] = *data++); \
  623. (d) += T1; \
  624. (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
  625. j++
  626. #endif /* BYTE_ORDER == LITTLE_ENDIAN */
  627. #define ROUND512(a,b,c,d,e,f,g,h) \
  628. s0 = W512[(j+1)&0x0f]; \
  629. s0 = sigma0_512(s0); \
  630. s1 = W512[(j+14)&0x0f]; \
  631. s1 = sigma1_512(s1); \
  632. T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
  633. (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
  634. (d) += T1; \
  635. (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
  636. j++
  637. static void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
  638. sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
  639. sha2_word64 T1, *W512 = (sha2_word64*)context->buffer;
  640. int j;
  641. /* Initialize registers with the prev. intermediate value */
  642. a = context->state[0];
  643. b = context->state[1];
  644. c = context->state[2];
  645. d = context->state[3];
  646. e = context->state[4];
  647. f = context->state[5];
  648. g = context->state[6];
  649. h = context->state[7];
  650. j = 0;
  651. do {
  652. ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
  653. ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
  654. ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
  655. ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
  656. ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
  657. ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
  658. ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
  659. ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
  660. } while (j < 16);
  661. /* Now for the remaining rounds up to 79: */
  662. do {
  663. ROUND512(a,b,c,d,e,f,g,h);
  664. ROUND512(h,a,b,c,d,e,f,g);
  665. ROUND512(g,h,a,b,c,d,e,f);
  666. ROUND512(f,g,h,a,b,c,d,e);
  667. ROUND512(e,f,g,h,a,b,c,d);
  668. ROUND512(d,e,f,g,h,a,b,c);
  669. ROUND512(c,d,e,f,g,h,a,b);
  670. ROUND512(b,c,d,e,f,g,h,a);
  671. } while (j < 80);
  672. /* Compute the current intermediate hash value */
  673. context->state[0] += a;
  674. context->state[1] += b;
  675. context->state[2] += c;
  676. context->state[3] += d;
  677. context->state[4] += e;
  678. context->state[5] += f;
  679. context->state[6] += g;
  680. context->state[7] += h;
  681. /* Clean up */
  682. a = b = c = d = e = f = g = h = T1 = 0;
  683. }
  684. #else /* SHA2_UNROLL_TRANSFORM */
  685. static void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) {
  686. sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
  687. sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
  688. int j;
  689. /* Initialize registers with the prev. intermediate value */
  690. a = context->state[0];
  691. b = context->state[1];
  692. c = context->state[2];
  693. d = context->state[3];
  694. e = context->state[4];
  695. f = context->state[5];
  696. g = context->state[6];
  697. h = context->state[7];
  698. j = 0;
  699. do {
  700. #if BYTE_ORDER == LITTLE_ENDIAN
  701. /* Convert TO host byte order */
  702. REVERSE64(*data++, W512[j]);
  703. /* Apply the SHA-512 compression function to update a..h */
  704. T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
  705. #else /* BYTE_ORDER == LITTLE_ENDIAN */
  706. /* Apply the SHA-512 compression function to update a..h with copy */
  707. T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
  708. #endif /* BYTE_ORDER == LITTLE_ENDIAN */
  709. T2 = Sigma0_512(a) + Maj(a, b, c);
  710. h = g;
  711. g = f;
  712. f = e;
  713. e = d + T1;
  714. d = c;
  715. c = b;
  716. b = a;
  717. a = T1 + T2;
  718. j++;
  719. } while (j < 16);
  720. do {
  721. /* Part of the message block expansion: */
  722. s0 = W512[(j+1)&0x0f];
  723. s0 = sigma0_512(s0);
  724. s1 = W512[(j+14)&0x0f];
  725. s1 = sigma1_512(s1);
  726. /* Apply the SHA-512 compression function to update a..h */
  727. T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
  728. (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
  729. T2 = Sigma0_512(a) + Maj(a, b, c);
  730. h = g;
  731. g = f;
  732. f = e;
  733. e = d + T1;
  734. d = c;
  735. c = b;
  736. b = a;
  737. a = T1 + T2;
  738. j++;
  739. } while (j < 80);
  740. /* Compute the current intermediate hash value */
  741. context->state[0] += a;
  742. context->state[1] += b;
  743. context->state[2] += c;
  744. context->state[3] += d;
  745. context->state[4] += e;
  746. context->state[5] += f;
  747. context->state[6] += g;
  748. context->state[7] += h;
  749. /* Clean up */
  750. a = b = c = d = e = f = g = h = T1 = T2 = 0;
  751. }
  752. #endif /* SHA2_UNROLL_TRANSFORM */
  753. void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
  754. unsigned int freespace, usedspace;
  755. if (len == 0) {
  756. /* Calling with no data is valid - we do nothing */
  757. return;
  758. }
  759. /* Sanity check: */
  760. assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);
  761. usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
  762. if (usedspace > 0) {
  763. /* Calculate how much free space is available in the buffer */
  764. freespace = SHA512_BLOCK_LENGTH - usedspace;
  765. if (len >= freespace) {
  766. /* Fill the buffer completely and process it */
  767. MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
  768. ADDINC128(context->bitcount, freespace << 3);
  769. len -= freespace;
  770. data += freespace;
  771. SHA512_Transform(context, (sha2_word64*)context->buffer);
  772. } else {
  773. /* The buffer is not yet full */
  774. MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
  775. ADDINC128(context->bitcount, len << 3);
  776. /* Clean up: */
  777. usedspace = freespace = 0;
  778. return;
  779. }
  780. }
  781. while (len >= SHA512_BLOCK_LENGTH) {
  782. /* Process as many complete blocks as we can */
  783. sha2_byte buffer[SHA512_BLOCK_LENGTH];
  784. MEMCPY_BCOPY(buffer, data, SHA512_BLOCK_LENGTH);
  785. SHA512_Transform(context, (sha2_word64*)buffer);
  786. ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
  787. len -= SHA512_BLOCK_LENGTH;
  788. data += SHA512_BLOCK_LENGTH;
  789. }
  790. if (len > 0) {
  791. /* There's left-overs, so save 'em */
  792. MEMCPY_BCOPY(context->buffer, data, len);
  793. ADDINC128(context->bitcount, len << 3);
  794. }
  795. /* Clean up: */
  796. usedspace = freespace = 0;
  797. }
  798. static void SHA512_Last(SHA512_CTX* context) {
  799. unsigned int usedspace;
  800. usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
  801. #if BYTE_ORDER == LITTLE_ENDIAN
  802. /* Convert FROM host byte order */
  803. REVERSE64(context->bitcount[0],context->bitcount[0]);
  804. REVERSE64(context->bitcount[1],context->bitcount[1]);
  805. #endif
  806. if (usedspace > 0) {
  807. /* Begin padding with a 1 bit: */
  808. context->buffer[usedspace++] = 0x80;
  809. if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
  810. /* Set-up for the last transform: */
  811. MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
  812. } else {
  813. if (usedspace < SHA512_BLOCK_LENGTH) {
  814. MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
  815. }
  816. /* Do second-to-last transform: */
  817. SHA512_Transform(context, (sha2_word64*)context->buffer);
  818. /* And set-up for the last transform: */
  819. MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
  820. }
  821. } else {
  822. /* Prepare for final transform: */
  823. MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);
  824. /* Begin padding with a 1 bit: */
  825. *context->buffer = 0x80;
  826. }
  827. /* Store the length of input data (in bits): */
  828. union {
  829. sha2_byte* c;
  830. sha2_word64* l;
  831. } bitcount;
  832. bitcount.c = &context->buffer[SHA512_SHORT_BLOCK_LENGTH];
  833. bitcount.l[0] = context->bitcount[1];
  834. bitcount.l[1] = context->bitcount[0];
  835. /* Final transform: */
  836. SHA512_Transform(context, (sha2_word64*)context->buffer);
  837. }
  838. void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
  839. sha2_word64 *d = (sha2_word64*)digest;
  840. /* Sanity check: */
  841. assert(context != (SHA512_CTX*)0);
  842. /* If no digest buffer is passed, we don't bother doing this: */
  843. if (digest != (sha2_byte*)0) {
  844. SHA512_Last(context);
  845. /* Save the hash data for output: */
  846. #if BYTE_ORDER == LITTLE_ENDIAN
  847. {
  848. /* Convert TO host byte order */
  849. int j;
  850. for (j = 0; j < 8; j++) {
  851. REVERSE64(context->state[j],context->state[j]);
  852. *d++ = context->state[j];
  853. }
  854. }
  855. #else
  856. MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
  857. #endif
  858. }
  859. /* Zero out state data */
  860. MEMSET_BZERO(context, sizeof(*context));
  861. }
  862. char *SHA512_End(SHA512_CTX* context, char buffer[]) {
  863. sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest;
  864. int i;
  865. /* Sanity check: */
  866. assert(context != (SHA512_CTX*)0);
  867. if (buffer != (char*)0) {
  868. SHA512_Final(digest, context);
  869. for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
  870. *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
  871. *buffer++ = sha2_hex_digits[*d & 0x0f];
  872. d++;
  873. }
  874. *buffer = (char)0;
  875. } else {
  876. MEMSET_BZERO(context, sizeof(*context));
  877. }
  878. MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH);
  879. return buffer;
  880. }
  881. char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
  882. SHA512_CTX context;
  883. SHA512_Init(&context);
  884. SHA512_Update(&context, data, len);
  885. return SHA512_End(&context, digest);
  886. }
  887. /*** SHA-384: *********************************************************/
  888. void SHA384_Init(SHA384_CTX* context) {
  889. if (context == (SHA384_CTX*)0) {
  890. return;
  891. }
  892. MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH);
  893. MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH);
  894. context->bitcount[0] = context->bitcount[1] = 0;
  895. }
  896. void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
  897. SHA512_Update((SHA512_CTX*)context, data, len);
  898. }
  899. void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
  900. sha2_word64 *d = (sha2_word64*)digest;
  901. /* Sanity check: */
  902. assert(context != (SHA384_CTX*)0);
  903. /* If no digest buffer is passed, we don't bother doing this: */
  904. if (digest != (sha2_byte*)0) {
  905. SHA512_Last((SHA512_CTX*)context);
  906. /* Save the hash data for output: */
  907. #if BYTE_ORDER == LITTLE_ENDIAN
  908. {
  909. /* Convert TO host byte order */
  910. int j;
  911. for (j = 0; j < 6; j++) {
  912. REVERSE64(context->state[j],context->state[j]);
  913. *d++ = context->state[j];
  914. }
  915. }
  916. #else
  917. MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH);
  918. #endif
  919. }
  920. /* Zero out state data */
  921. MEMSET_BZERO(context, sizeof(*context));
  922. }
  923. char *SHA384_End(SHA384_CTX* context, char buffer[]) {
  924. sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest;
  925. int i;
  926. /* Sanity check: */
  927. assert(context != (SHA384_CTX*)0);
  928. if (buffer != (char*)0) {
  929. SHA384_Final(digest, context);
  930. for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
  931. *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
  932. *buffer++ = sha2_hex_digits[*d & 0x0f];
  933. d++;
  934. }
  935. *buffer = (char)0;
  936. } else {
  937. MEMSET_BZERO(context, sizeof(*context));
  938. }
  939. MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH);
  940. return buffer;
  941. }
  942. char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
  943. SHA384_CTX context;
  944. SHA384_Init(&context);
  945. SHA384_Update(&context, data, len);
  946. return SHA384_End(&context, digest);
  947. }