satsolver 0.16.3
|
00001 /* 00002 * FILE: sha2.c 00003 * AUTHOR: Aaron D. Gifford <me@aarongifford.com> 00004 * 00005 * Copyright (c) 2000-2001, Aaron D. Gifford 00006 * All rights reserved. 00007 * 00008 * Redistribution and use in source and binary forms, with or without 00009 * modification, are permitted provided that the following conditions 00010 * are met: 00011 * 1. Redistributions of source code must retain the above copyright 00012 * notice, this list of conditions and the following disclaimer. 00013 * 2. Redistributions in binary form must reproduce the above copyright 00014 * notice, this list of conditions and the following disclaimer in the 00015 * documentation and/or other materials provided with the distribution. 00016 * 3. Neither the name of the copyright holder nor the names of contributors 00017 * may be used to endorse or promote products derived from this software 00018 * without specific prior written permission. 00019 * 00020 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND 00021 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 00022 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 00023 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE 00024 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 00025 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 00026 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 00027 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 00028 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 00029 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 00030 * SUCH DAMAGE. 00031 * 00032 * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ 00033 */ 00034 00035 #include <sys/types.h> 00036 #include <string.h> /* memcpy()/memset() or bcopy()/bzero() */ 00037 /* #include <assert.h> */ /* assert() */ 00038 #include <stdio.h> 00039 #include <sysexits.h> 00040 #include <sys/uio.h> 00041 #include <unistd.h> 00042 #include <inttypes.h> 00043 #include <endian.h> 00044 00045 #include "sha2.h" 00046 00047 00048 /* 00049 * ASSERT NOTE: 00050 * Some sanity checking code is included using assert(). On my FreeBSD 00051 * system, this additional code can be removed by compiling with NDEBUG 00052 * defined. Check your own systems manpage on assert() to see how to 00053 * compile WITHOUT the sanity checking code on your system. 00054 * 00055 * UNROLLED TRANSFORM LOOP NOTE: 00056 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform 00057 * loop version for the hash transform rounds (defined using macros 00058 * later in this file). Either define on the command line, for example: 00059 * 00060 * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c 00061 * 00062 * or define below: 00063 * 00064 * #define SHA2_UNROLL_TRANSFORM 00065 * 00066 */ 00067 00068 #define SHA2_UNROLL_TRANSFORM 00069 00070 00071 /*** SHA-256/384/512 Machine Architecture Definitions *****************/ 00072 /* 00073 * BYTE_ORDER NOTE: 00074 * 00075 * Please make sure that your system defines BYTE_ORDER. If your 00076 * architecture is little-endian, make sure it also defines 00077 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are 00078 * equivilent. 00079 * 00080 * If your system does not define the above, then you can do so by 00081 * hand like this: 00082 * 00083 * #define LITTLE_ENDIAN 1234 00084 * #define BIG_ENDIAN 4321 00085 * 00086 * And for little-endian machines, add: 00087 * 00088 * #define BYTE_ORDER LITTLE_ENDIAN 00089 * 00090 * Or for big-endian machines: 00091 * 00092 * #define BYTE_ORDER BIG_ENDIAN 00093 * 00094 * The FreeBSD machine this was written on defines BYTE_ORDER 00095 * appropriately by including <sys/types.h> (which in turn includes 00096 * <machine/endian.h> where the appropriate definitions are actually 00097 * made). 00098 */ 00099 #if !defined(__BYTE_ORDER) || (__BYTE_ORDER != __LITTLE_ENDIAN && __BYTE_ORDER != __BIG_ENDIAN) 00100 #error Define __BYTE_ORDER to be equal to either __LITTLE_ENDIAN or __BIG_ENDIAN 00101 #endif 00102 00103 /* 00104 * Define the following sha2_* types to types of the correct length on 00105 * the native archtecture. Most BSD systems and Linux define u_intXX_t 00106 * types. Machines with very recent ANSI C headers, can use the 00107 * uintXX_t definintions from inttypes.h by defining SHA2_USE_INTTYPES_H 00108 * during compile or in the sha.h header file. 00109 * 00110 * Machines that support neither u_intXX_t nor inttypes.h's uintXX_t 00111 * will need to define these three typedefs below (and the appropriate 00112 * ones in sha.h too) by hand according to their system architecture. 00113 * 00114 * Thank you, Jun-ichiro itojun Hagino, for suggesting using u_intXX_t 00115 * types and pointing out recent ANSI C support for uintXX_t in inttypes.h. 00116 */ 00117 typedef uint8_t sha2_byte; /* Exactly 1 byte */ 00118 typedef uint32_t sha2_word32; /* Exactly 4 bytes */ 00119 typedef uint64_t sha2_word64; /* Exactly 8 bytes */ 00120 00121 00122 /*** SHA-256/384/512 Various Length Definitions ***********************/ 00123 /* NOTE: Most of these are in sha2.h */ 00124 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8) 00125 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16) 00126 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16) 00127 00128 00129 /*** ENDIAN REVERSAL MACROS *******************************************/ 00130 #if __BYTE_ORDER == __LITTLE_ENDIAN 00131 #define REVERSE32(w,x) { \ 00132 sha2_word32 tmp = (w); \ 00133 tmp = (tmp >> 16) | (tmp << 16); \ 00134 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ 00135 } 00136 #define REVERSE64(w,x) { \ 00137 sha2_word64 tmp = (w); \ 00138 tmp = (tmp >> 32) | (tmp << 32); \ 00139 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ 00140 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ 00141 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ 00142 ((tmp & 0x0000ffff0000ffffULL) << 16); \ 00143 } 00144 #endif /* __BYTE_ORDER == __LITTLE_ENDIAN */ 00145 00146 /* 00147 * Macro for incrementally adding the unsigned 64-bit integer n to the 00148 * unsigned 128-bit integer (represented using a two-element array of 00149 * 64-bit words): 00150 */ 00151 #define ADDINC128(w,n) { \ 00152 (w)[0] += (sha2_word64)(n); \ 00153 if ((w)[0] < (n)) { \ 00154 (w)[1]++; \ 00155 } \ 00156 } 00157 00158 /* 00159 * Macros for copying blocks of memory and for zeroing out ranges 00160 * of memory. Using these macros makes it easy to switch from 00161 * using memset()/memcpy() and using bzero()/bcopy(). 00162 * 00163 * Please define either SHA2_USE_MEMSET_MEMCPY or define 00164 * SHA2_USE_BZERO_BCOPY depending on which function set you 00165 * choose to use: 00166 */ 00167 #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY) 00168 /* Default to memset()/memcpy() if no option is specified */ 00169 #define SHA2_USE_MEMSET_MEMCPY 1 00170 #endif 00171 #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY) 00172 /* Abort with an error if BOTH options are defined */ 00173 #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both! 00174 #endif 00175 00176 #ifdef SHA2_USE_MEMSET_MEMCPY 00177 #define MEMSET_BZERO(p,l) memset((p), 0, (l)) 00178 #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) 00179 #endif 00180 #ifdef SHA2_USE_BZERO_BCOPY 00181 #define MEMSET_BZERO(p,l) bzero((p), (l)) 00182 #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) 00183 #endif 00184 00185 00186 /*** THE SIX LOGICAL FUNCTIONS ****************************************/ 00187 /* 00188 * Bit shifting and rotation (used by the six SHA-XYZ logical functions: 00189 * 00190 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and 00191 * S is a ROTATION) because the SHA-256/384/512 description document 00192 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this 00193 * same "backwards" definition. 00194 */ 00195 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ 00196 #define R(b,x) ((x) >> (b)) 00197 /* 32-bit Rotate-right (used in SHA-256): */ 00198 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) 00199 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ 00200 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) 00201 00202 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ 00203 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) 00204 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) 00205 00206 /* Four of six logical functions used in SHA-256: */ 00207 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) 00208 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) 00209 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) 00210 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) 00211 00212 /* Four of six logical functions used in SHA-384 and SHA-512: */ 00213 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) 00214 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) 00215 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) 00216 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) 00217 00218 /*** INTERNAL FUNCTION PROTOTYPES *************************************/ 00219 /* NOTE: These should not be accessed directly from outside this 00220 * library -- they are intended for private internal visibility/use 00221 * only. 00222 */ 00223 static void SHA512_Last(SHA512_CTX*); 00224 static void SHA256_Transform(SHA256_CTX*, const sha2_word32*); 00225 static void SHA512_Transform(SHA512_CTX*, const sha2_word64*); 00226 00227 00228 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ 00229 /* Hash constant words K for SHA-256: */ 00230 const static sha2_word32 K256[64] = { 00231 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 00232 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 00233 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, 00234 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, 00235 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, 00236 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 00237 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 00238 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, 00239 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, 00240 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, 00241 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 00242 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 00243 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, 00244 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, 00245 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, 00246 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL 00247 }; 00248 00249 /* Initial hash value H for SHA-256: */ 00250 const static sha2_word32 sha256_initial_hash_value[8] = { 00251 0x6a09e667UL, 00252 0xbb67ae85UL, 00253 0x3c6ef372UL, 00254 0xa54ff53aUL, 00255 0x510e527fUL, 00256 0x9b05688cUL, 00257 0x1f83d9abUL, 00258 0x5be0cd19UL 00259 }; 00260 00261 /* Hash constant words K for SHA-384 and SHA-512: */ 00262 const static sha2_word64 K512[80] = { 00263 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 00264 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 00265 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 00266 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 00267 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, 00268 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 00269 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 00270 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, 00271 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 00272 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, 00273 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 00274 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 00275 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, 00276 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 00277 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, 00278 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 00279 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 00280 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, 00281 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 00282 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, 00283 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 00284 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 00285 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, 00286 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 00287 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, 00288 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 00289 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 00290 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, 00291 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 00292 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, 00293 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 00294 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 00295 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, 00296 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 00297 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, 00298 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 00299 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 00300 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, 00301 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 00302 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL 00303 }; 00304 00305 /* Initial hash value H for SHA-384 */ 00306 const static sha2_word64 sha384_initial_hash_value[8] = { 00307 0xcbbb9d5dc1059ed8ULL, 00308 0x629a292a367cd507ULL, 00309 0x9159015a3070dd17ULL, 00310 0x152fecd8f70e5939ULL, 00311 0x67332667ffc00b31ULL, 00312 0x8eb44a8768581511ULL, 00313 0xdb0c2e0d64f98fa7ULL, 00314 0x47b5481dbefa4fa4ULL 00315 }; 00316 00317 /* Initial hash value H for SHA-512 */ 00318 const static sha2_word64 sha512_initial_hash_value[8] = { 00319 0x6a09e667f3bcc908ULL, 00320 0xbb67ae8584caa73bULL, 00321 0x3c6ef372fe94f82bULL, 00322 0xa54ff53a5f1d36f1ULL, 00323 0x510e527fade682d1ULL, 00324 0x9b05688c2b3e6c1fULL, 00325 0x1f83d9abfb41bd6bULL, 00326 0x5be0cd19137e2179ULL 00327 }; 00328 00329 /* 00330 * Constant used by SHA256/384/512_End() functions for converting the 00331 * digest to a readable hexadecimal character string: 00332 */ 00333 static const char *sha2_hex_digits = "0123456789abcdef"; 00334 00335 00336 /*** SHA-256: *********************************************************/ 00337 void sat_SHA256_Init(SHA256_CTX* context) { 00338 if (context == (SHA256_CTX*)0) { 00339 return; 00340 } 00341 MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH); 00342 MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH); 00343 context->bitcount = 0; 00344 } 00345 00346 #ifdef SHA2_UNROLL_TRANSFORM 00347 00348 /* Unrolled SHA-256 round macros: */ 00349 00350 #if __BYTE_ORDER == __LITTLE_ENDIAN 00351 00352 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 00353 REVERSE32(*data++, W256[j]); \ 00354 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 00355 K256[j] + W256[j]; \ 00356 (d) += T1; \ 00357 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 00358 j++ 00359 00360 00361 #else /* __BYTE_ORDER == __LITTLE_ENDIAN */ 00362 00363 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ 00364 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ 00365 K256[j] + (W256[j] = *data++); \ 00366 (d) += T1; \ 00367 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 00368 j++ 00369 00370 #endif /* __BYTE_ORDER == __LITTLE_ENDIAN */ 00371 00372 #define ROUND256(a,b,c,d,e,f,g,h) \ 00373 s0 = W256[(j+1)&0x0f]; \ 00374 s0 = sigma0_256(s0); \ 00375 s1 = W256[(j+14)&0x0f]; \ 00376 s1 = sigma1_256(s1); \ 00377 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ 00378 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ 00379 (d) += T1; \ 00380 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ 00381 j++ 00382 00383 static void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) { 00384 sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 00385 sha2_word32 T1, *W256; 00386 int j; 00387 00388 W256 = (sha2_word32*)context->buffer; 00389 00390 /* Initialize registers with the prev. intermediate value */ 00391 a = context->state[0]; 00392 b = context->state[1]; 00393 c = context->state[2]; 00394 d = context->state[3]; 00395 e = context->state[4]; 00396 f = context->state[5]; 00397 g = context->state[6]; 00398 h = context->state[7]; 00399 00400 j = 0; 00401 do { 00402 /* Rounds 0 to 15 (unrolled): */ 00403 ROUND256_0_TO_15(a,b,c,d,e,f,g,h); 00404 ROUND256_0_TO_15(h,a,b,c,d,e,f,g); 00405 ROUND256_0_TO_15(g,h,a,b,c,d,e,f); 00406 ROUND256_0_TO_15(f,g,h,a,b,c,d,e); 00407 ROUND256_0_TO_15(e,f,g,h,a,b,c,d); 00408 ROUND256_0_TO_15(d,e,f,g,h,a,b,c); 00409 ROUND256_0_TO_15(c,d,e,f,g,h,a,b); 00410 ROUND256_0_TO_15(b,c,d,e,f,g,h,a); 00411 } while (j < 16); 00412 00413 /* Now for the remaining rounds to 64: */ 00414 do { 00415 ROUND256(a,b,c,d,e,f,g,h); 00416 ROUND256(h,a,b,c,d,e,f,g); 00417 ROUND256(g,h,a,b,c,d,e,f); 00418 ROUND256(f,g,h,a,b,c,d,e); 00419 ROUND256(e,f,g,h,a,b,c,d); 00420 ROUND256(d,e,f,g,h,a,b,c); 00421 ROUND256(c,d,e,f,g,h,a,b); 00422 ROUND256(b,c,d,e,f,g,h,a); 00423 } while (j < 64); 00424 00425 /* Compute the current intermediate hash value */ 00426 context->state[0] += a; 00427 context->state[1] += b; 00428 context->state[2] += c; 00429 context->state[3] += d; 00430 context->state[4] += e; 00431 context->state[5] += f; 00432 context->state[6] += g; 00433 context->state[7] += h; 00434 00435 /* Clean up */ 00436 a = b = c = d = e = f = g = h = T1 = 0; 00437 } 00438 00439 #else /* SHA2_UNROLL_TRANSFORM */ 00440 00441 static void SHA256_Transform(SHA256_CTX* context, const sha2_word32* data) { 00442 sha2_word32 a, b, c, d, e, f, g, h, s0, s1; 00443 sha2_word32 T1, T2, *W256; 00444 int j; 00445 00446 W256 = (sha2_word32*)context->buffer; 00447 00448 /* Initialize registers with the prev. intermediate value */ 00449 a = context->state[0]; 00450 b = context->state[1]; 00451 c = context->state[2]; 00452 d = context->state[3]; 00453 e = context->state[4]; 00454 f = context->state[5]; 00455 g = context->state[6]; 00456 h = context->state[7]; 00457 00458 j = 0; 00459 do { 00460 #if __BYTE_ORDER == __LITTLE_ENDIAN 00461 /* Copy data while converting to host byte order */ 00462 REVERSE32(*data++,W256[j]); 00463 /* Apply the SHA-256 compression function to update a..h */ 00464 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; 00465 #else /* __BYTE_ORDER == __LITTLE_ENDIAN */ 00466 /* Apply the SHA-256 compression function to update a..h with copy */ 00467 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); 00468 #endif /* __BYTE_ORDER == __LITTLE_ENDIAN */ 00469 T2 = Sigma0_256(a) + Maj(a, b, c); 00470 h = g; 00471 g = f; 00472 f = e; 00473 e = d + T1; 00474 d = c; 00475 c = b; 00476 b = a; 00477 a = T1 + T2; 00478 00479 j++; 00480 } while (j < 16); 00481 00482 do { 00483 /* Part of the message block expansion: */ 00484 s0 = W256[(j+1)&0x0f]; 00485 s0 = sigma0_256(s0); 00486 s1 = W256[(j+14)&0x0f]; 00487 s1 = sigma1_256(s1); 00488 00489 /* Apply the SHA-256 compression function to update a..h */ 00490 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + 00491 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); 00492 T2 = Sigma0_256(a) + Maj(a, b, c); 00493 h = g; 00494 g = f; 00495 f = e; 00496 e = d + T1; 00497 d = c; 00498 c = b; 00499 b = a; 00500 a = T1 + T2; 00501 00502 j++; 00503 } while (j < 64); 00504 00505 /* Compute the current intermediate hash value */ 00506 context->state[0] += a; 00507 context->state[1] += b; 00508 context->state[2] += c; 00509 context->state[3] += d; 00510 context->state[4] += e; 00511 context->state[5] += f; 00512 context->state[6] += g; 00513 context->state[7] += h; 00514 00515 /* Clean up */ 00516 a = b = c = d = e = f = g = h = T1 = T2 = 0; 00517 } 00518 00519 #endif /* SHA2_UNROLL_TRANSFORM */ 00520 00521 void sat_SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) { 00522 unsigned int freespace, usedspace; 00523 00524 if (len == 0) { 00525 /* Calling with no data is valid - we do nothing */ 00526 return; 00527 } 00528 00529 /* Sanity check: */ 00530 /* assert(context != (SHA256_CTX*)0 && data != (sha2_byte*)0); */ 00531 00532 usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; 00533 if (usedspace > 0) { 00534 /* Calculate how much free space is available in the buffer */ 00535 freespace = SHA256_BLOCK_LENGTH - usedspace; 00536 00537 if (len >= freespace) { 00538 /* Fill the buffer completely and process it */ 00539 MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); 00540 context->bitcount += freespace << 3; 00541 len -= freespace; 00542 data += freespace; 00543 SHA256_Transform(context, (sha2_word32*)context->buffer); 00544 } else { 00545 /* The buffer is not yet full */ 00546 MEMCPY_BCOPY(&context->buffer[usedspace], data, len); 00547 context->bitcount += len << 3; 00548 /* Clean up: */ 00549 usedspace = freespace = 0; 00550 return; 00551 } 00552 } 00553 while (len >= SHA256_BLOCK_LENGTH) { 00554 /* Process as many complete blocks as we can */ 00555 SHA256_Transform(context, (sha2_word32*)data); 00556 context->bitcount += SHA256_BLOCK_LENGTH << 3; 00557 len -= SHA256_BLOCK_LENGTH; 00558 data += SHA256_BLOCK_LENGTH; 00559 } 00560 if (len > 0) { 00561 /* There's left-overs, so save 'em */ 00562 MEMCPY_BCOPY(context->buffer, data, len); 00563 context->bitcount += len << 3; 00564 } 00565 /* Clean up: */ 00566 usedspace = freespace = 0; 00567 } 00568 00569 void sat_SHA256_Final(sha2_byte digest[], SHA256_CTX* context) { 00570 sha2_word32 *d = (sha2_word32*)digest; 00571 unsigned int usedspace; 00572 00573 /* Sanity check: */ 00574 /* assert(context != (SHA256_CTX*)0); */ 00575 00576 /* If no digest buffer is passed, we don't bother doing this: */ 00577 if (digest != (sha2_byte*)0) { 00578 usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH; 00579 #if __BYTE_ORDER == __LITTLE_ENDIAN 00580 /* Convert FROM host byte order */ 00581 REVERSE64(context->bitcount,context->bitcount); 00582 #endif 00583 if (usedspace > 0) { 00584 /* Begin padding with a 1 bit: */ 00585 context->buffer[usedspace++] = 0x80; 00586 00587 if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) { 00588 /* Set-up for the last transform: */ 00589 MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace); 00590 } else { 00591 if (usedspace < SHA256_BLOCK_LENGTH) { 00592 MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace); 00593 } 00594 /* Do second-to-last transform: */ 00595 SHA256_Transform(context, (sha2_word32*)context->buffer); 00596 00597 /* And set-up for the last transform: */ 00598 MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH); 00599 } 00600 } else { 00601 /* Set-up for the last transform: */ 00602 MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH); 00603 00604 /* Begin padding with a 1 bit: */ 00605 *context->buffer = 0x80; 00606 } 00607 /* Set the bit count: */ 00608 *(sha2_word64*)&context->buffer[SHA256_SHORT_BLOCK_LENGTH] = context->bitcount; 00609 00610 /* Final transform: */ 00611 SHA256_Transform(context, (sha2_word32*)context->buffer); 00612 00613 #if __BYTE_ORDER == __LITTLE_ENDIAN 00614 { 00615 /* Convert TO host byte order */ 00616 int j; 00617 for (j = 0; j < 8; j++) { 00618 REVERSE32(context->state[j],context->state[j]); 00619 *d++ = context->state[j]; 00620 } 00621 } 00622 #else 00623 MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH); 00624 #endif 00625 } 00626 00627 /* Clean up state data: */ 00628 MEMSET_BZERO(context, sizeof(context)); 00629 usedspace = 0; 00630 } 00631 00632 char *sat_SHA256_End(SHA256_CTX* context, char buffer[]) { 00633 sha2_byte digest[SHA256_DIGEST_LENGTH], *d = digest; 00634 int i; 00635 00636 /* Sanity check: */ 00637 /* assert(context != (SHA256_CTX*)0); */ 00638 00639 if (buffer != (char*)0) { 00640 sat_SHA256_Final(digest, context); 00641 00642 for (i = 0; i < SHA256_DIGEST_LENGTH; i++) { 00643 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 00644 *buffer++ = sha2_hex_digits[*d & 0x0f]; 00645 d++; 00646 } 00647 *buffer = (char)0; 00648 } else { 00649 MEMSET_BZERO(context, sizeof(context)); 00650 } 00651 MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH); 00652 return buffer; 00653 } 00654 00655 char* sat_SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) { 00656 SHA256_CTX context; 00657 00658 sat_SHA256_Init(&context); 00659 sat_SHA256_Update(&context, data, len); 00660 return sat_SHA256_End(&context, digest); 00661 } 00662 00663 00664 /*** SHA-512: *********************************************************/ 00665 void sat_SHA512_Init(SHA512_CTX* context) { 00666 if (context == (SHA512_CTX*)0) { 00667 return; 00668 } 00669 MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH); 00670 MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH); 00671 context->bitcount[0] = context->bitcount[1] = 0; 00672 } 00673 00674 #ifdef SHA2_UNROLL_TRANSFORM 00675 00676 /* Unrolled SHA-512 round macros: */ 00677 #if __BYTE_ORDER == __LITTLE_ENDIAN 00678 00679 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 00680 REVERSE64(*data++, W512[j]); \ 00681 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 00682 K512[j] + W512[j]; \ 00683 (d) += T1, \ 00684 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ 00685 j++ 00686 00687 00688 #else /* __BYTE_ORDER == __LITTLE_ENDIAN */ 00689 00690 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ 00691 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ 00692 K512[j] + (W512[j] = *data++); \ 00693 (d) += T1; \ 00694 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 00695 j++ 00696 00697 #endif /* __BYTE_ORDER == __LITTLE_ENDIAN */ 00698 00699 #define ROUND512(a,b,c,d,e,f,g,h) \ 00700 s0 = W512[(j+1)&0x0f]; \ 00701 s0 = sigma0_512(s0); \ 00702 s1 = W512[(j+14)&0x0f]; \ 00703 s1 = sigma1_512(s1); \ 00704 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ 00705 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ 00706 (d) += T1; \ 00707 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ 00708 j++ 00709 00710 static void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) { 00711 sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 00712 sha2_word64 T1, *W512 = (sha2_word64*)context->buffer; 00713 int j; 00714 00715 /* Initialize registers with the prev. intermediate value */ 00716 a = context->state[0]; 00717 b = context->state[1]; 00718 c = context->state[2]; 00719 d = context->state[3]; 00720 e = context->state[4]; 00721 f = context->state[5]; 00722 g = context->state[6]; 00723 h = context->state[7]; 00724 00725 j = 0; 00726 do { 00727 ROUND512_0_TO_15(a,b,c,d,e,f,g,h); 00728 ROUND512_0_TO_15(h,a,b,c,d,e,f,g); 00729 ROUND512_0_TO_15(g,h,a,b,c,d,e,f); 00730 ROUND512_0_TO_15(f,g,h,a,b,c,d,e); 00731 ROUND512_0_TO_15(e,f,g,h,a,b,c,d); 00732 ROUND512_0_TO_15(d,e,f,g,h,a,b,c); 00733 ROUND512_0_TO_15(c,d,e,f,g,h,a,b); 00734 ROUND512_0_TO_15(b,c,d,e,f,g,h,a); 00735 } while (j < 16); 00736 00737 /* Now for the remaining rounds up to 79: */ 00738 do { 00739 ROUND512(a,b,c,d,e,f,g,h); 00740 ROUND512(h,a,b,c,d,e,f,g); 00741 ROUND512(g,h,a,b,c,d,e,f); 00742 ROUND512(f,g,h,a,b,c,d,e); 00743 ROUND512(e,f,g,h,a,b,c,d); 00744 ROUND512(d,e,f,g,h,a,b,c); 00745 ROUND512(c,d,e,f,g,h,a,b); 00746 ROUND512(b,c,d,e,f,g,h,a); 00747 } while (j < 80); 00748 00749 /* Compute the current intermediate hash value */ 00750 context->state[0] += a; 00751 context->state[1] += b; 00752 context->state[2] += c; 00753 context->state[3] += d; 00754 context->state[4] += e; 00755 context->state[5] += f; 00756 context->state[6] += g; 00757 context->state[7] += h; 00758 00759 /* Clean up */ 00760 a = b = c = d = e = f = g = h = T1 = 0; 00761 } 00762 00763 #else /* SHA2_UNROLL_TRANSFORM */ 00764 00765 static void SHA512_Transform(SHA512_CTX* context, const sha2_word64* data) { 00766 sha2_word64 a, b, c, d, e, f, g, h, s0, s1; 00767 sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer; 00768 int j; 00769 00770 /* Initialize registers with the prev. intermediate value */ 00771 a = context->state[0]; 00772 b = context->state[1]; 00773 c = context->state[2]; 00774 d = context->state[3]; 00775 e = context->state[4]; 00776 f = context->state[5]; 00777 g = context->state[6]; 00778 h = context->state[7]; 00779 00780 j = 0; 00781 do { 00782 #if __BYTE_ORDER == __LITTLE_ENDIAN 00783 /* Convert TO host byte order */ 00784 REVERSE64(*data++, W512[j]); 00785 /* Apply the SHA-512 compression function to update a..h */ 00786 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; 00787 #else /* __BYTE_ORDER == __LITTLE_ENDIAN */ 00788 /* Apply the SHA-512 compression function to update a..h with copy */ 00789 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); 00790 #endif /* __BYTE_ORDER == __LITTLE_ENDIAN */ 00791 T2 = Sigma0_512(a) + Maj(a, b, c); 00792 h = g; 00793 g = f; 00794 f = e; 00795 e = d + T1; 00796 d = c; 00797 c = b; 00798 b = a; 00799 a = T1 + T2; 00800 00801 j++; 00802 } while (j < 16); 00803 00804 do { 00805 /* Part of the message block expansion: */ 00806 s0 = W512[(j+1)&0x0f]; 00807 s0 = sigma0_512(s0); 00808 s1 = W512[(j+14)&0x0f]; 00809 s1 = sigma1_512(s1); 00810 00811 /* Apply the SHA-512 compression function to update a..h */ 00812 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + 00813 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); 00814 T2 = Sigma0_512(a) + Maj(a, b, c); 00815 h = g; 00816 g = f; 00817 f = e; 00818 e = d + T1; 00819 d = c; 00820 c = b; 00821 b = a; 00822 a = T1 + T2; 00823 00824 j++; 00825 } while (j < 80); 00826 00827 /* Compute the current intermediate hash value */ 00828 context->state[0] += a; 00829 context->state[1] += b; 00830 context->state[2] += c; 00831 context->state[3] += d; 00832 context->state[4] += e; 00833 context->state[5] += f; 00834 context->state[6] += g; 00835 context->state[7] += h; 00836 00837 /* Clean up */ 00838 a = b = c = d = e = f = g = h = T1 = T2 = 0; 00839 } 00840 00841 #endif /* SHA2_UNROLL_TRANSFORM */ 00842 00843 void sat_SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) { 00844 unsigned int freespace, usedspace; 00845 00846 if (len == 0) { 00847 /* Calling with no data is valid - we do nothing */ 00848 return; 00849 } 00850 00851 /* Sanity check: */ 00852 /* assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0); */ 00853 00854 usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; 00855 if (usedspace > 0) { 00856 /* Calculate how much free space is available in the buffer */ 00857 freespace = SHA512_BLOCK_LENGTH - usedspace; 00858 00859 if (len >= freespace) { 00860 /* Fill the buffer completely and process it */ 00861 MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); 00862 ADDINC128(context->bitcount, freespace << 3); 00863 len -= freespace; 00864 data += freespace; 00865 SHA512_Transform(context, (sha2_word64*)context->buffer); 00866 } else { 00867 /* The buffer is not yet full */ 00868 MEMCPY_BCOPY(&context->buffer[usedspace], data, len); 00869 ADDINC128(context->bitcount, len << 3); 00870 /* Clean up: */ 00871 usedspace = freespace = 0; 00872 return; 00873 } 00874 } 00875 while (len >= SHA512_BLOCK_LENGTH) { 00876 /* Process as many complete blocks as we can */ 00877 SHA512_Transform(context, (sha2_word64*)data); 00878 ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3); 00879 len -= SHA512_BLOCK_LENGTH; 00880 data += SHA512_BLOCK_LENGTH; 00881 } 00882 if (len > 0) { 00883 /* There's left-overs, so save 'em */ 00884 MEMCPY_BCOPY(context->buffer, data, len); 00885 ADDINC128(context->bitcount, len << 3); 00886 } 00887 /* Clean up: */ 00888 usedspace = freespace = 0; 00889 } 00890 00891 static void SHA512_Last(SHA512_CTX* context) { 00892 unsigned int usedspace; 00893 00894 usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH; 00895 #if __BYTE_ORDER == __LITTLE_ENDIAN 00896 /* Convert FROM host byte order */ 00897 REVERSE64(context->bitcount[0],context->bitcount[0]); 00898 REVERSE64(context->bitcount[1],context->bitcount[1]); 00899 #endif 00900 if (usedspace > 0) { 00901 /* Begin padding with a 1 bit: */ 00902 context->buffer[usedspace++] = 0x80; 00903 00904 if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) { 00905 /* Set-up for the last transform: */ 00906 MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace); 00907 } else { 00908 if (usedspace < SHA512_BLOCK_LENGTH) { 00909 MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace); 00910 } 00911 /* Do second-to-last transform: */ 00912 SHA512_Transform(context, (sha2_word64*)context->buffer); 00913 00914 /* And set-up for the last transform: */ 00915 MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2); 00916 } 00917 } else { 00918 /* Prepare for final transform: */ 00919 MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH); 00920 00921 /* Begin padding with a 1 bit: */ 00922 *context->buffer = 0x80; 00923 } 00924 /* Store the length of input data (in bits): */ 00925 *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; 00926 *(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; 00927 00928 /* Final transform: */ 00929 SHA512_Transform(context, (sha2_word64*)context->buffer); 00930 } 00931 00932 void sat_SHA512_Final(sha2_byte digest[], SHA512_CTX* context) { 00933 sha2_word64 *d = (sha2_word64*)digest; 00934 00935 /* Sanity check: */ 00936 /* assert(context != (SHA512_CTX*)0); */ 00937 00938 /* If no digest buffer is passed, we don't bother doing this: */ 00939 if (digest != (sha2_byte*)0) { 00940 SHA512_Last(context); 00941 00942 /* Save the hash data for output: */ 00943 #if __BYTE_ORDER == __LITTLE_ENDIAN 00944 { 00945 /* Convert TO host byte order */ 00946 int j; 00947 for (j = 0; j < 8; j++) { 00948 REVERSE64(context->state[j],context->state[j]); 00949 *d++ = context->state[j]; 00950 } 00951 } 00952 #else 00953 MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH); 00954 #endif 00955 } 00956 00957 /* Zero out state data */ 00958 MEMSET_BZERO(context, sizeof(context)); 00959 } 00960 00961 char *sat_SHA512_End(SHA512_CTX* context, char buffer[]) { 00962 sha2_byte digest[SHA512_DIGEST_LENGTH], *d = digest; 00963 int i; 00964 00965 /* Sanity check: */ 00966 /* assert(context != (SHA512_CTX*)0); */ 00967 00968 if (buffer != (char*)0) { 00969 sat_SHA512_Final(digest, context); 00970 00971 for (i = 0; i < SHA512_DIGEST_LENGTH; i++) { 00972 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 00973 *buffer++ = sha2_hex_digits[*d & 0x0f]; 00974 d++; 00975 } 00976 *buffer = (char)0; 00977 } else { 00978 MEMSET_BZERO(context, sizeof(context)); 00979 } 00980 MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH); 00981 return buffer; 00982 } 00983 00984 char* sat_SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) { 00985 SHA512_CTX context; 00986 00987 sat_SHA512_Init(&context); 00988 sat_SHA512_Update(&context, data, len); 00989 return sat_SHA512_End(&context, digest); 00990 } 00991 00992 00993 /*** SHA-384: *********************************************************/ 00994 void sat_SHA384_Init(SHA384_CTX* context) { 00995 if (context == (SHA384_CTX*)0) { 00996 return; 00997 } 00998 MEMCPY_BCOPY(context->state, sha384_initial_hash_value, SHA512_DIGEST_LENGTH); 00999 MEMSET_BZERO(context->buffer, SHA384_BLOCK_LENGTH); 01000 context->bitcount[0] = context->bitcount[1] = 0; 01001 } 01002 01003 void sat_SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) { 01004 sat_SHA512_Update((SHA512_CTX*)context, data, len); 01005 } 01006 01007 void sat_SHA384_Final(sha2_byte digest[], SHA384_CTX* context) { 01008 sha2_word64 *d = (sha2_word64*)digest; 01009 01010 /* Sanity check: */ 01011 /* assert(context != (SHA384_CTX*)0); */ 01012 01013 /* If no digest buffer is passed, we don't bother doing this: */ 01014 if (digest != (sha2_byte*)0) { 01015 SHA512_Last((SHA512_CTX*)context); 01016 01017 /* Save the hash data for output: */ 01018 #if __BYTE_ORDER == __LITTLE_ENDIAN 01019 { 01020 /* Convert TO host byte order */ 01021 int j; 01022 for (j = 0; j < 6; j++) { 01023 REVERSE64(context->state[j],context->state[j]); 01024 *d++ = context->state[j]; 01025 } 01026 } 01027 #else 01028 MEMCPY_BCOPY(d, context->state, SHA384_DIGEST_LENGTH); 01029 #endif 01030 } 01031 01032 /* Zero out state data */ 01033 MEMSET_BZERO(context, sizeof(context)); 01034 } 01035 01036 char *sat_SHA384_End(SHA384_CTX* context, char buffer[]) { 01037 sha2_byte digest[SHA384_DIGEST_LENGTH], *d = digest; 01038 int i; 01039 01040 /* Sanity check: */ 01041 /* assert(context != (SHA384_CTX*)0); */ 01042 01043 if (buffer != (char*)0) { 01044 sat_SHA384_Final(digest, context); 01045 01046 for (i = 0; i < SHA384_DIGEST_LENGTH; i++) { 01047 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4]; 01048 *buffer++ = sha2_hex_digits[*d & 0x0f]; 01049 d++; 01050 } 01051 *buffer = (char)0; 01052 } else { 01053 MEMSET_BZERO(context, sizeof(context)); 01054 } 01055 MEMSET_BZERO(digest, SHA384_DIGEST_LENGTH); 01056 return buffer; 01057 } 01058 01059 char* sat_SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) { 01060 SHA384_CTX context; 01061 01062 sat_SHA384_Init(&context); 01063 sat_SHA384_Update(&context, data, len); 01064 return sat_SHA384_End(&context, digest); 01065 }