1 /* $NetBSD: sha2.c,v 1.10 2015/07/08 17:28:59 christos Exp $ */
2
3 /*
4 * Copyright (C) 2005-2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /* Id */
20
21 /* $FreeBSD: src/sys/crypto/sha2/sha2.c,v 1.2.2.2 2002/03/05 08:36:47 ume Exp $ */
22 /* $KAME: sha2.c,v 1.8 2001/11/08 01:07:52 itojun Exp $ */
23
24 /*
25 * sha2.c
26 *
27 * Version 1.0.0beta1
28 *
29 * Written by Aaron D. Gifford <me@aarongifford.com>
30 *
31 * Copyright 2000 Aaron D. Gifford. All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the copyright holder nor the names of contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 *
57 */
58
59
60 #include <config.h>
61
62 #include <isc/assertions.h>
63 #include <isc/platform.h>
64 #include <isc/sha2.h>
65 #include <isc/string.h>
66 #include <isc/util.h>
67
68 #if PKCS11CRYPTO
69 #include <pk11/internal.h>
70 #include <pk11/pk11.h>
71 #endif
72
73 #ifdef ISC_PLATFORM_OPENSSLHASH
74
75 void
isc_sha224_init(isc_sha224_t * context)76 isc_sha224_init(isc_sha224_t *context) {
77 if (context == (isc_sha224_t *)0) {
78 return;
79 }
80 RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha224()) == 1);
81 }
82
83 void
isc_sha224_invalidate(isc_sha224_t * context)84 isc_sha224_invalidate(isc_sha224_t *context) {
85 EVP_MD_CTX_cleanup(context);
86 }
87
88 void
isc_sha224_update(isc_sha224_t * context,const isc_uint8_t * data,size_t len)89 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
90 if (len == 0U) {
91 /* Calling with no data is valid - we do nothing */
92 return;
93 }
94
95 /* Sanity check: */
96 REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0);
97
98 RUNTIME_CHECK(EVP_DigestUpdate(context,
99 (const void *) data, len) == 1);
100 }
101
102 void
isc_sha224_final(isc_uint8_t digest[],isc_sha224_t * context)103 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
104 /* Sanity check: */
105 REQUIRE(context != (isc_sha224_t *)0);
106
107 /* If no digest buffer is passed, we don't bother doing this: */
108 if (digest != (isc_uint8_t*)0) {
109 RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
110 } else {
111 EVP_MD_CTX_cleanup(context);
112 }
113 }
114
115 void
isc_sha256_init(isc_sha256_t * context)116 isc_sha256_init(isc_sha256_t *context) {
117 if (context == (isc_sha256_t *)0) {
118 return;
119 }
120 RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha256()) == 1);
121 }
122
123 void
isc_sha256_invalidate(isc_sha256_t * context)124 isc_sha256_invalidate(isc_sha256_t *context) {
125 EVP_MD_CTX_cleanup(context);
126 }
127
128 void
isc_sha256_update(isc_sha256_t * context,const isc_uint8_t * data,size_t len)129 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
130 if (len == 0U) {
131 /* Calling with no data is valid - we do nothing */
132 return;
133 }
134
135 /* Sanity check: */
136 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
137
138 RUNTIME_CHECK(EVP_DigestUpdate(context,
139 (const void *) data, len) == 1);
140 }
141
142 void
isc_sha256_final(isc_uint8_t digest[],isc_sha256_t * context)143 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
144 /* Sanity check: */
145 REQUIRE(context != (isc_sha256_t *)0);
146
147 /* If no digest buffer is passed, we don't bother doing this: */
148 if (digest != (isc_uint8_t*)0) {
149 RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
150 } else {
151 EVP_MD_CTX_cleanup(context);
152 }
153 }
154
155 void
isc_sha512_init(isc_sha512_t * context)156 isc_sha512_init(isc_sha512_t *context) {
157 if (context == (isc_sha512_t *)0) {
158 return;
159 }
160 RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha512()) == 1);
161 }
162
163 void
isc_sha512_invalidate(isc_sha512_t * context)164 isc_sha512_invalidate(isc_sha512_t *context) {
165 EVP_MD_CTX_cleanup(context);
166 }
167
isc_sha512_update(isc_sha512_t * context,const isc_uint8_t * data,size_t len)168 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
169 if (len == 0U) {
170 /* Calling with no data is valid - we do nothing */
171 return;
172 }
173
174 /* Sanity check: */
175 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
176
177 RUNTIME_CHECK(EVP_DigestUpdate(context,
178 (const void *) data, len) == 1);
179 }
180
isc_sha512_final(isc_uint8_t digest[],isc_sha512_t * context)181 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
182 /* Sanity check: */
183 REQUIRE(context != (isc_sha512_t *)0);
184
185 /* If no digest buffer is passed, we don't bother doing this: */
186 if (digest != (isc_uint8_t*)0) {
187 RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
188 } else {
189 EVP_MD_CTX_cleanup(context);
190 }
191 }
192
193 void
isc_sha384_init(isc_sha384_t * context)194 isc_sha384_init(isc_sha384_t *context) {
195 if (context == (isc_sha384_t *)0) {
196 return;
197 }
198 RUNTIME_CHECK(EVP_DigestInit(context, EVP_sha384()) == 1);
199 }
200
201 void
isc_sha384_invalidate(isc_sha384_t * context)202 isc_sha384_invalidate(isc_sha384_t *context) {
203 EVP_MD_CTX_cleanup(context);
204 }
205
206 void
isc_sha384_update(isc_sha384_t * context,const isc_uint8_t * data,size_t len)207 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
208 if (len == 0U) {
209 /* Calling with no data is valid - we do nothing */
210 return;
211 }
212
213 /* Sanity check: */
214 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
215
216 RUNTIME_CHECK(EVP_DigestUpdate(context,
217 (const void *) data, len) == 1);
218 }
219
220 void
isc_sha384_final(isc_uint8_t digest[],isc_sha384_t * context)221 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
222 /* Sanity check: */
223 REQUIRE(context != (isc_sha384_t *)0);
224
225 /* If no digest buffer is passed, we don't bother doing this: */
226 if (digest != (isc_uint8_t*)0) {
227 RUNTIME_CHECK(EVP_DigestFinal(context, digest, NULL) == 1);
228 } else {
229 EVP_MD_CTX_cleanup(context);
230 }
231 }
232
233 #elif PKCS11CRYPTO
234
235 void
isc_sha224_init(isc_sha224_t * context)236 isc_sha224_init(isc_sha224_t *context) {
237 CK_RV rv;
238 CK_MECHANISM mech = { CKM_SHA224, NULL, 0 };
239
240 if (context == (isc_sha224_t *)0) {
241 return;
242 }
243 RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
244 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
245 PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
246 }
247
248 void
isc_sha224_invalidate(isc_sha224_t * context)249 isc_sha224_invalidate(isc_sha224_t *context) {
250 CK_BYTE garbage[ISC_SHA224_DIGESTLENGTH];
251 CK_ULONG len = ISC_SHA224_DIGESTLENGTH;
252
253 if (context->handle == NULL)
254 return;
255 (void) pkcs_C_DigestFinal(context->session, garbage, &len);
256 memset(garbage, 0, sizeof(garbage));
257 pk11_return_session(context);
258 }
259
260 void
isc_sha224_update(isc_sha224_t * context,const isc_uint8_t * data,size_t len)261 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
262 CK_RV rv;
263 CK_BYTE_PTR pPart;
264
265 if (len == 0U) {
266 /* Calling with no data is valid - we do nothing */
267 return;
268 }
269
270 /* Sanity check: */
271 REQUIRE(context != (isc_sha224_t *)0 && data != (isc_uint8_t*)0);
272
273 DE_CONST(data, pPart);
274 PK11_FATALCHECK(pkcs_C_DigestUpdate,
275 (context->session, pPart, (CK_ULONG) len));
276 }
277
278 void
isc_sha224_final(isc_uint8_t digest[],isc_sha224_t * context)279 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
280 CK_RV rv;
281 CK_ULONG len = ISC_SHA224_DIGESTLENGTH;
282
283 /* Sanity check: */
284 REQUIRE(context != (isc_sha224_t *)0);
285
286 /* If no digest buffer is passed, we don't bother doing this: */
287 if (digest != (isc_uint8_t*)0) {
288 PK11_FATALCHECK(pkcs_C_DigestFinal,
289 (context->session,
290 (CK_BYTE_PTR) digest,
291 &len));
292 } else {
293 CK_BYTE garbage[ISC_SHA224_DIGESTLENGTH];
294
295 (void) pkcs_C_DigestFinal(context->session, garbage, &len);
296 memset(garbage, 0, sizeof(garbage));
297 }
298 pk11_return_session(context);
299 }
300
301 void
isc_sha256_init(isc_sha256_t * context)302 isc_sha256_init(isc_sha256_t *context) {
303 CK_RV rv;
304 CK_MECHANISM mech = { CKM_SHA256, NULL, 0 };
305
306 if (context == (isc_sha256_t *)0) {
307 return;
308 }
309 RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
310 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
311 PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
312 }
313
314 void
isc_sha256_invalidate(isc_sha256_t * context)315 isc_sha256_invalidate(isc_sha256_t *context) {
316 CK_BYTE garbage[ISC_SHA256_DIGESTLENGTH];
317 CK_ULONG len = ISC_SHA256_DIGESTLENGTH;
318
319 if (context->handle == NULL)
320 return;
321 (void) pkcs_C_DigestFinal(context->session, garbage, &len);
322 memset(garbage, 0, sizeof(garbage));
323 pk11_return_session(context);
324 }
325
326 void
isc_sha256_update(isc_sha256_t * context,const isc_uint8_t * data,size_t len)327 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t* data, size_t len) {
328 CK_RV rv;
329 CK_BYTE_PTR pPart;
330
331 if (len == 0U) {
332 /* Calling with no data is valid - we do nothing */
333 return;
334 }
335
336 /* Sanity check: */
337 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
338
339 DE_CONST(data, pPart);
340 PK11_FATALCHECK(pkcs_C_DigestUpdate,
341 (context->session, pPart, (CK_ULONG) len));
342 }
343
344 void
isc_sha256_final(isc_uint8_t digest[],isc_sha256_t * context)345 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
346 CK_RV rv;
347 CK_ULONG len = ISC_SHA256_DIGESTLENGTH;
348
349 /* Sanity check: */
350 REQUIRE(context != (isc_sha256_t *)0);
351
352 /* If no digest buffer is passed, we don't bother doing this: */
353 if (digest != (isc_uint8_t*)0) {
354 PK11_FATALCHECK(pkcs_C_DigestFinal,
355 (context->session,
356 (CK_BYTE_PTR) digest,
357 &len));
358 } else {
359 CK_BYTE garbage[ISC_SHA256_DIGESTLENGTH];
360
361 (void) pkcs_C_DigestFinal(context->session, garbage, &len);
362 memset(garbage, 0, sizeof(garbage));
363 }
364 pk11_return_session(context);
365 }
366
367 void
isc_sha512_init(isc_sha512_t * context)368 isc_sha512_init(isc_sha512_t *context) {
369 CK_RV rv;
370 CK_MECHANISM mech = { CKM_SHA512, NULL, 0 };
371
372 if (context == (isc_sha512_t *)0) {
373 return;
374 }
375 RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
376 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
377 PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
378 }
379
380 void
isc_sha512_invalidate(isc_sha512_t * context)381 isc_sha512_invalidate(isc_sha512_t *context) {
382 CK_BYTE garbage[ISC_SHA512_DIGESTLENGTH];
383 CK_ULONG len = ISC_SHA512_DIGESTLENGTH;
384
385 if (context->handle == NULL)
386 return;
387 (void) pkcs_C_DigestFinal(context->session, garbage, &len);
388 memset(garbage, 0, sizeof(garbage));
389 pk11_return_session(context);
390 }
391
392 void
isc_sha512_update(isc_sha512_t * context,const isc_uint8_t * data,size_t len)393 isc_sha512_update(isc_sha512_t *context, const isc_uint8_t* data, size_t len) {
394 CK_RV rv;
395 CK_BYTE_PTR pPart;
396
397 if (len == 0U) {
398 /* Calling with no data is valid - we do nothing */
399 return;
400 }
401
402 /* Sanity check: */
403 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
404
405 DE_CONST(data, pPart);
406 PK11_FATALCHECK(pkcs_C_DigestUpdate,
407 (context->session, pPart, (CK_ULONG) len));
408 }
409
410 void
isc_sha512_final(isc_uint8_t digest[],isc_sha512_t * context)411 isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
412 CK_RV rv;
413 CK_ULONG len = ISC_SHA512_DIGESTLENGTH;
414
415 /* Sanity check: */
416 REQUIRE(context != (isc_sha512_t *)0);
417
418 /* If no digest buffer is passed, we don't bother doing this: */
419 if (digest != (isc_uint8_t*)0) {
420 PK11_FATALCHECK(pkcs_C_DigestFinal,
421 (context->session,
422 (CK_BYTE_PTR) digest,
423 &len));
424 } else {
425 CK_BYTE garbage[ISC_SHA512_DIGESTLENGTH];
426
427 (void) pkcs_C_DigestFinal(context->session, garbage, &len);
428 memset(garbage, 0, sizeof(garbage));
429 }
430 pk11_return_session(context);
431 }
432
433 void
isc_sha384_init(isc_sha384_t * context)434 isc_sha384_init(isc_sha384_t *context) {
435 CK_RV rv;
436 CK_MECHANISM mech = { CKM_SHA384, NULL, 0 };
437
438 if (context == (isc_sha384_t *)0) {
439 return;
440 }
441 RUNTIME_CHECK(pk11_get_session(context, OP_DIGEST, ISC_TRUE, ISC_FALSE,
442 ISC_FALSE, NULL, 0) == ISC_R_SUCCESS);
443 PK11_FATALCHECK(pkcs_C_DigestInit, (context->session, &mech));
444 }
445
446 void
isc_sha384_invalidate(isc_sha384_t * context)447 isc_sha384_invalidate(isc_sha384_t *context) {
448 CK_BYTE garbage[ISC_SHA384_DIGESTLENGTH];
449 CK_ULONG len = ISC_SHA384_DIGESTLENGTH;
450
451 if (context->handle == NULL)
452 return;
453 (void) pkcs_C_DigestFinal(context->session, garbage, &len);
454 memset(garbage, 0, sizeof(garbage));
455 pk11_return_session(context);
456 }
457
458 void
isc_sha384_update(isc_sha384_t * context,const isc_uint8_t * data,size_t len)459 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
460 CK_RV rv;
461 CK_BYTE_PTR pPart;
462
463 if (len == 0U) {
464 /* Calling with no data is valid - we do nothing */
465 return;
466 }
467
468 /* Sanity check: */
469 REQUIRE(context != (isc_sha384_t *)0 && data != (isc_uint8_t*)0);
470
471 DE_CONST(data, pPart);
472 PK11_FATALCHECK(pkcs_C_DigestUpdate,
473 (context->session, pPart, (CK_ULONG) len));
474 }
475
476 void
isc_sha384_final(isc_uint8_t digest[],isc_sha384_t * context)477 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
478 CK_RV rv;
479 CK_ULONG len = ISC_SHA384_DIGESTLENGTH;
480
481 /* Sanity check: */
482 REQUIRE(context != (isc_sha384_t *)0);
483
484 /* If no digest buffer is passed, we don't bother doing this: */
485 if (digest != (isc_uint8_t*)0) {
486 PK11_FATALCHECK(pkcs_C_DigestFinal,
487 (context->session,
488 (CK_BYTE_PTR) digest,
489 &len));
490 } else {
491 CK_BYTE garbage[ISC_SHA384_DIGESTLENGTH];
492
493 (void) pkcs_C_DigestFinal(context->session, garbage, &len);
494 memset(garbage, 0, sizeof(garbage));
495 }
496 pk11_return_session(context);
497 }
498
499 #else
500
501 /*
502 * UNROLLED TRANSFORM LOOP NOTE:
503 * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform
504 * loop version for the hash transform rounds (defined using macros
505 * later in this file). Either define on the command line, for example:
506 *
507 * cc -DISC_SHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c
508 *
509 * or define below:
510 *
511 * \#define ISC_SHA2_UNROLL_TRANSFORM
512 *
513 */
514
515 /*** SHA-256/384/512 Machine Architecture Definitions *****************/
516 /*
517 * BYTE_ORDER NOTE:
518 *
519 * Please make sure that your system defines BYTE_ORDER. If your
520 * architecture is little-endian, make sure it also defines
521 * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are
522 * equivalent.
523 *
524 * If your system does not define the above, then you can do so by
525 * hand like this:
526 *
527 * \#define LITTLE_ENDIAN 1234
528 * \#define BIG_ENDIAN 4321
529 *
530 * And for little-endian machines, add:
531 *
532 * \#define BYTE_ORDER LITTLE_ENDIAN
533 *
534 * Or for big-endian machines:
535 *
536 * \#define BYTE_ORDER BIG_ENDIAN
537 *
538 * The FreeBSD machine this was written on defines BYTE_ORDER
539 * appropriately by including <sys/types.h> (which in turn includes
540 * <machine/endian.h> where the appropriate definitions are actually
541 * made).
542 */
543 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
544 #ifndef BYTE_ORDER
545 #ifndef BIG_ENDIAN
546 #define BIG_ENDIAN 4321
547 #endif
548 #ifndef LITTLE_ENDIAN
549 #define LITTLE_ENDIAN 1234
550 #endif
551 #ifdef WORDS_BIGENDIAN
552 #define BYTE_ORDER BIG_ENDIAN
553 #else
554 #define BYTE_ORDER LITTLE_ENDIAN
555 #endif
556 #else
557 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
558 #endif
559 #endif
560
561 /*** SHA-256/384/512 Various Length Definitions ***********************/
562 /* NOTE: Most of these are in sha2.h */
563 #define ISC_SHA256_SHORT_BLOCK_LENGTH (ISC_SHA256_BLOCK_LENGTH - 8)
564 #define ISC_SHA384_SHORT_BLOCK_LENGTH (ISC_SHA384_BLOCK_LENGTH - 16)
565 #define ISC_SHA512_SHORT_BLOCK_LENGTH (ISC_SHA512_BLOCK_LENGTH - 16)
566
567
568 /*** ENDIAN REVERSAL MACROS *******************************************/
569 #if BYTE_ORDER == LITTLE_ENDIAN
570 #define REVERSE32(w,x) { \
571 isc_uint32_t tmp = (w); \
572 tmp = (tmp >> 16) | (tmp << 16); \
573 (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
574 }
575 #ifdef WIN32
576 #define REVERSE64(w,x) { \
577 isc_uint64_t tmp = (w); \
578 tmp = (tmp >> 32) | (tmp << 32); \
579 tmp = ((tmp & 0xff00ff00ff00ff00UL) >> 8) | \
580 ((tmp & 0x00ff00ff00ff00ffUL) << 8); \
581 (x) = ((tmp & 0xffff0000ffff0000UL) >> 16) | \
582 ((tmp & 0x0000ffff0000ffffUL) << 16); \
583 }
584 #else
585 #define REVERSE64(w,x) { \
586 isc_uint64_t tmp = (w); \
587 tmp = (tmp >> 32) | (tmp << 32); \
588 tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \
589 ((tmp & 0x00ff00ff00ff00ffULL) << 8); \
590 (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \
591 ((tmp & 0x0000ffff0000ffffULL) << 16); \
592 }
593 #endif
594 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
595
596 /*
597 * Macro for incrementally adding the unsigned 64-bit integer n to the
598 * unsigned 128-bit integer (represented using a two-element array of
599 * 64-bit words):
600 */
601 #define ADDINC128(w,n) { \
602 (w)[0] += (isc_uint64_t)(n); \
603 if ((w)[0] < (n)) { \
604 (w)[1]++; \
605 } \
606 }
607
608 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
609 /*
610 * Bit shifting and rotation (used by the six SHA-XYZ logical functions:
611 *
612 * NOTE: The naming of R and S appears backwards here (R is a SHIFT and
613 * S is a ROTATION) because the SHA-256/384/512 description document
614 * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this
615 * same "backwards" definition.
616 */
617 /* Shift-right (used in SHA-256, SHA-384, and SHA-512): */
618 #define R(b,x) ((x) >> (b))
619 /* 32-bit Rotate-right (used in SHA-256): */
620 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
621 /* 64-bit Rotate-right (used in SHA-384 and SHA-512): */
622 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
623
624 /* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */
625 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
626 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
627
628 /* Four of six logical functions used in SHA-256: */
629 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
630 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
631 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
632 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
633
634 /* Four of six logical functions used in SHA-384 and SHA-512: */
635 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
636 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
637 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
638 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
639
640 /*** INTERNAL FUNCTION PROTOTYPES *************************************/
641 /* NOTE: These should not be accessed directly from outside this
642 * library -- they are intended for private internal visibility/use
643 * only.
644 */
645 void isc_sha512_last(isc_sha512_t *);
646 void isc_sha256_transform(isc_sha256_t *, const isc_uint32_t*);
647 void isc_sha512_transform(isc_sha512_t *, const isc_uint64_t*);
648
649
650 /*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/
651 /* Hash constant words K for SHA-224 and SHA-256: */
652 static const isc_uint32_t K256[64] = {
653 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
654 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
655 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
656 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
657 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
658 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
659 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
660 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
661 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
662 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
663 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
664 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
665 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
666 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
667 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
668 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
669 };
670
671 /* Initial hash value H for SHA-224: */
672 static const isc_uint32_t sha224_initial_hash_value[8] = {
673 0xc1059ed8UL,
674 0x367cd507UL,
675 0x3070dd17UL,
676 0xf70e5939UL,
677 0xffc00b31UL,
678 0x68581511UL,
679 0x64f98fa7UL,
680 0xbefa4fa4UL
681 };
682
683 /* Initial hash value H for SHA-256: */
684 static const isc_uint32_t sha256_initial_hash_value[8] = {
685 0x6a09e667UL,
686 0xbb67ae85UL,
687 0x3c6ef372UL,
688 0xa54ff53aUL,
689 0x510e527fUL,
690 0x9b05688cUL,
691 0x1f83d9abUL,
692 0x5be0cd19UL
693 };
694
695 #ifdef WIN32
696 /* Hash constant words K for SHA-384 and SHA-512: */
697 static const isc_uint64_t K512[80] = {
698 0x428a2f98d728ae22UL, 0x7137449123ef65cdUL,
699 0xb5c0fbcfec4d3b2fUL, 0xe9b5dba58189dbbcUL,
700 0x3956c25bf348b538UL, 0x59f111f1b605d019UL,
701 0x923f82a4af194f9bUL, 0xab1c5ed5da6d8118UL,
702 0xd807aa98a3030242UL, 0x12835b0145706fbeUL,
703 0x243185be4ee4b28cUL, 0x550c7dc3d5ffb4e2UL,
704 0x72be5d74f27b896fUL, 0x80deb1fe3b1696b1UL,
705 0x9bdc06a725c71235UL, 0xc19bf174cf692694UL,
706 0xe49b69c19ef14ad2UL, 0xefbe4786384f25e3UL,
707 0x0fc19dc68b8cd5b5UL, 0x240ca1cc77ac9c65UL,
708 0x2de92c6f592b0275UL, 0x4a7484aa6ea6e483UL,
709 0x5cb0a9dcbd41fbd4UL, 0x76f988da831153b5UL,
710 0x983e5152ee66dfabUL, 0xa831c66d2db43210UL,
711 0xb00327c898fb213fUL, 0xbf597fc7beef0ee4UL,
712 0xc6e00bf33da88fc2UL, 0xd5a79147930aa725UL,
713 0x06ca6351e003826fUL, 0x142929670a0e6e70UL,
714 0x27b70a8546d22ffcUL, 0x2e1b21385c26c926UL,
715 0x4d2c6dfc5ac42aedUL, 0x53380d139d95b3dfUL,
716 0x650a73548baf63deUL, 0x766a0abb3c77b2a8UL,
717 0x81c2c92e47edaee6UL, 0x92722c851482353bUL,
718 0xa2bfe8a14cf10364UL, 0xa81a664bbc423001UL,
719 0xc24b8b70d0f89791UL, 0xc76c51a30654be30UL,
720 0xd192e819d6ef5218UL, 0xd69906245565a910UL,
721 0xf40e35855771202aUL, 0x106aa07032bbd1b8UL,
722 0x19a4c116b8d2d0c8UL, 0x1e376c085141ab53UL,
723 0x2748774cdf8eeb99UL, 0x34b0bcb5e19b48a8UL,
724 0x391c0cb3c5c95a63UL, 0x4ed8aa4ae3418acbUL,
725 0x5b9cca4f7763e373UL, 0x682e6ff3d6b2b8a3UL,
726 0x748f82ee5defb2fcUL, 0x78a5636f43172f60UL,
727 0x84c87814a1f0ab72UL, 0x8cc702081a6439ecUL,
728 0x90befffa23631e28UL, 0xa4506cebde82bde9UL,
729 0xbef9a3f7b2c67915UL, 0xc67178f2e372532bUL,
730 0xca273eceea26619cUL, 0xd186b8c721c0c207UL,
731 0xeada7dd6cde0eb1eUL, 0xf57d4f7fee6ed178UL,
732 0x06f067aa72176fbaUL, 0x0a637dc5a2c898a6UL,
733 0x113f9804bef90daeUL, 0x1b710b35131c471bUL,
734 0x28db77f523047d84UL, 0x32caab7b40c72493UL,
735 0x3c9ebe0a15c9bebcUL, 0x431d67c49c100d4cUL,
736 0x4cc5d4becb3e42b6UL, 0x597f299cfc657e2aUL,
737 0x5fcb6fab3ad6faecUL, 0x6c44198c4a475817UL
738 };
739
740 /* Initial hash value H for SHA-384: */
741 static const isc_uint64_t sha384_initial_hash_value[8] = {
742 0xcbbb9d5dc1059ed8UL,
743 0x629a292a367cd507UL,
744 0x9159015a3070dd17UL,
745 0x152fecd8f70e5939UL,
746 0x67332667ffc00b31UL,
747 0x8eb44a8768581511UL,
748 0xdb0c2e0d64f98fa7UL,
749 0x47b5481dbefa4fa4UL
750 };
751
752 /* Initial hash value H for SHA-512: */
753 static const isc_uint64_t sha512_initial_hash_value[8] = {
754 0x6a09e667f3bcc908U,
755 0xbb67ae8584caa73bUL,
756 0x3c6ef372fe94f82bUL,
757 0xa54ff53a5f1d36f1UL,
758 0x510e527fade682d1UL,
759 0x9b05688c2b3e6c1fUL,
760 0x1f83d9abfb41bd6bUL,
761 0x5be0cd19137e2179UL
762 };
763 #else
764 /* Hash constant words K for SHA-384 and SHA-512: */
765 static const isc_uint64_t K512[80] = {
766 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL,
767 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL,
768 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL,
769 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL,
770 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
771 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL,
772 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL,
773 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL,
774 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL,
775 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
776 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL,
777 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL,
778 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL,
779 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL,
780 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
781 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL,
782 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL,
783 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL,
784 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL,
785 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
786 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL,
787 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL,
788 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL,
789 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL,
790 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
791 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL,
792 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL,
793 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL,
794 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL,
795 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
796 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL,
797 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL,
798 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL,
799 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL,
800 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
801 0x113f9804bef90daeULL, 0x1b710b35131c471bULL,
802 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL,
803 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL,
804 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL,
805 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
806 };
807
808 /* Initial hash value H for SHA-384: */
809 static const isc_uint64_t sha384_initial_hash_value[8] = {
810 0xcbbb9d5dc1059ed8ULL,
811 0x629a292a367cd507ULL,
812 0x9159015a3070dd17ULL,
813 0x152fecd8f70e5939ULL,
814 0x67332667ffc00b31ULL,
815 0x8eb44a8768581511ULL,
816 0xdb0c2e0d64f98fa7ULL,
817 0x47b5481dbefa4fa4ULL
818 };
819
820 /* Initial hash value H for SHA-512: */
821 static const isc_uint64_t sha512_initial_hash_value[8] = {
822 0x6a09e667f3bcc908ULL,
823 0xbb67ae8584caa73bULL,
824 0x3c6ef372fe94f82bULL,
825 0xa54ff53a5f1d36f1ULL,
826 0x510e527fade682d1ULL,
827 0x9b05688c2b3e6c1fULL,
828 0x1f83d9abfb41bd6bULL,
829 0x5be0cd19137e2179ULL
830 };
831 #endif
832
833
834 /*** SHA-224: *********************************************************/
835 void
isc_sha224_init(isc_sha224_t * context)836 isc_sha224_init(isc_sha224_t *context) {
837 if (context == (isc_sha256_t *)0) {
838 return;
839 }
840 memmove(context->state, sha224_initial_hash_value,
841 ISC_SHA256_DIGESTLENGTH);
842 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
843 context->bitcount = 0;
844 }
845
846 void
isc_sha224_invalidate(isc_sha224_t * context)847 isc_sha224_invalidate(isc_sha224_t *context) {
848 memset(context, 0, sizeof(isc_sha224_t));
849 }
850
851 void
isc_sha224_update(isc_sha224_t * context,const isc_uint8_t * data,size_t len)852 isc_sha224_update(isc_sha224_t *context, const isc_uint8_t* data, size_t len) {
853 isc_sha256_update((isc_sha256_t *)context, data, len);
854 }
855
856 void
isc_sha224_final(isc_uint8_t digest[],isc_sha224_t * context)857 isc_sha224_final(isc_uint8_t digest[], isc_sha224_t *context) {
858 isc_uint8_t sha256_digest[ISC_SHA256_DIGESTLENGTH];
859 isc_sha256_final(sha256_digest, (isc_sha256_t *)context);
860 memmove(digest, sha256_digest, ISC_SHA224_DIGESTLENGTH);
861 memset(sha256_digest, 0, ISC_SHA256_DIGESTLENGTH);
862 }
863
864 /*** SHA-256: *********************************************************/
865 void
isc_sha256_init(isc_sha256_t * context)866 isc_sha256_init(isc_sha256_t *context) {
867 if (context == (isc_sha256_t *)0) {
868 return;
869 }
870 memmove(context->state, sha256_initial_hash_value,
871 ISC_SHA256_DIGESTLENGTH);
872 memset(context->buffer, 0, ISC_SHA256_BLOCK_LENGTH);
873 context->bitcount = 0;
874 }
875
876 void
isc_sha256_invalidate(isc_sha256_t * context)877 isc_sha256_invalidate(isc_sha256_t *context) {
878 memset(context, 0, sizeof(isc_sha256_t));
879 }
880
881 #ifdef ISC_SHA2_UNROLL_TRANSFORM
882
883 /* Unrolled SHA-256 round macros: */
884
885 #if BYTE_ORDER == LITTLE_ENDIAN
886
887 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
888 REVERSE32(*data++, W256[j]); \
889 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
890 K256[j] + W256[j]; \
891 (d) += T1; \
892 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
893 j++
894
895
896 #else /* BYTE_ORDER == LITTLE_ENDIAN */
897
898 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
899 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
900 K256[j] + (W256[j] = *data++); \
901 (d) += T1; \
902 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
903 j++
904
905 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
906
907 #define ROUND256(a,b,c,d,e,f,g,h) \
908 s0 = W256[(j+1)&0x0f]; \
909 s0 = sigma0_256(s0); \
910 s1 = W256[(j+14)&0x0f]; \
911 s1 = sigma1_256(s1); \
912 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
913 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
914 (d) += T1; \
915 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
916 j++
917
isc_sha256_transform(isc_sha256_t * context,const isc_uint32_t * data)918 void isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
919 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
920 isc_uint32_t T1, *W256;
921 int j;
922
923 W256 = (isc_uint32_t*)context->buffer;
924
925 /* Initialize registers with the prev. intermediate value */
926 a = context->state[0];
927 b = context->state[1];
928 c = context->state[2];
929 d = context->state[3];
930 e = context->state[4];
931 f = context->state[5];
932 g = context->state[6];
933 h = context->state[7];
934
935 j = 0;
936 do {
937 /* Rounds 0 to 15 (unrolled): */
938 ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
939 ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
940 ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
941 ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
942 ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
943 ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
944 ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
945 ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
946 } while (j < 16);
947
948 /* Now for the remaining rounds to 64: */
949 do {
950 ROUND256(a,b,c,d,e,f,g,h);
951 ROUND256(h,a,b,c,d,e,f,g);
952 ROUND256(g,h,a,b,c,d,e,f);
953 ROUND256(f,g,h,a,b,c,d,e);
954 ROUND256(e,f,g,h,a,b,c,d);
955 ROUND256(d,e,f,g,h,a,b,c);
956 ROUND256(c,d,e,f,g,h,a,b);
957 ROUND256(b,c,d,e,f,g,h,a);
958 } while (j < 64);
959
960 /* Compute the current intermediate hash value */
961 context->state[0] += a;
962 context->state[1] += b;
963 context->state[2] += c;
964 context->state[3] += d;
965 context->state[4] += e;
966 context->state[5] += f;
967 context->state[6] += g;
968 context->state[7] += h;
969
970 /* Clean up */
971 a = b = c = d = e = f = g = h = T1 = 0;
972 /* Avoid compiler warnings */
973 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f);
974 POST(g); POST(h); POST(T1);
975 }
976
977 #else /* ISC_SHA2_UNROLL_TRANSFORM */
978
979 void
isc_sha256_transform(isc_sha256_t * context,const isc_uint32_t * data)980 isc_sha256_transform(isc_sha256_t *context, const isc_uint32_t* data) {
981 isc_uint32_t a, b, c, d, e, f, g, h, s0, s1;
982 isc_uint32_t T1, T2, *W256;
983 int j;
984
985 W256 = (isc_uint32_t*)context->buffer;
986
987 /* Initialize registers with the prev. intermediate value */
988 a = context->state[0];
989 b = context->state[1];
990 c = context->state[2];
991 d = context->state[3];
992 e = context->state[4];
993 f = context->state[5];
994 g = context->state[6];
995 h = context->state[7];
996
997 j = 0;
998 do {
999 #if BYTE_ORDER == LITTLE_ENDIAN
1000 /* Copy data while converting to host byte order */
1001 REVERSE32(*data++,W256[j]);
1002 /* Apply the SHA-256 compression function to update a..h */
1003 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
1004 #else /* BYTE_ORDER == LITTLE_ENDIAN */
1005 /* Apply the SHA-256 compression function to update a..h with copy */
1006 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
1007 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
1008 T2 = Sigma0_256(a) + Maj(a, b, c);
1009 h = g;
1010 g = f;
1011 f = e;
1012 e = d + T1;
1013 d = c;
1014 c = b;
1015 b = a;
1016 a = T1 + T2;
1017
1018 j++;
1019 } while (j < 16);
1020
1021 do {
1022 /* Part of the message block expansion: */
1023 s0 = W256[(j+1)&0x0f];
1024 s0 = sigma0_256(s0);
1025 s1 = W256[(j+14)&0x0f];
1026 s1 = sigma1_256(s1);
1027
1028 /* Apply the SHA-256 compression function to update a..h */
1029 T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
1030 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
1031 T2 = Sigma0_256(a) + Maj(a, b, c);
1032 h = g;
1033 g = f;
1034 f = e;
1035 e = d + T1;
1036 d = c;
1037 c = b;
1038 b = a;
1039 a = T1 + T2;
1040
1041 j++;
1042 } while (j < 64);
1043
1044 /* Compute the current intermediate hash value */
1045 context->state[0] += a;
1046 context->state[1] += b;
1047 context->state[2] += c;
1048 context->state[3] += d;
1049 context->state[4] += e;
1050 context->state[5] += f;
1051 context->state[6] += g;
1052 context->state[7] += h;
1053
1054 /* Clean up */
1055 a = b = c = d = e = f = g = h = T1 = T2 = 0;
1056 /* Avoid compiler warnings */
1057 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f);
1058 POST(g); POST(h); POST(T1); POST(T2);
1059 }
1060
1061 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
1062
1063 void
isc_sha256_update(isc_sha256_t * context,const isc_uint8_t * data,size_t len)1064 isc_sha256_update(isc_sha256_t *context, const isc_uint8_t *data, size_t len) {
1065 unsigned int freespace, usedspace;
1066
1067 if (len == 0U) {
1068 /* Calling with no data is valid - we do nothing */
1069 return;
1070 }
1071
1072 /* Sanity check: */
1073 REQUIRE(context != (isc_sha256_t *)0 && data != (isc_uint8_t*)0);
1074
1075 usedspace = (unsigned int)((context->bitcount >> 3) %
1076 ISC_SHA256_BLOCK_LENGTH);
1077 if (usedspace > 0) {
1078 /* Calculate how much free space is available in the buffer */
1079 freespace = ISC_SHA256_BLOCK_LENGTH - usedspace;
1080
1081 if (len >= freespace) {
1082 /* Fill the buffer completely and process it */
1083 memmove(&context->buffer[usedspace], data, freespace);
1084 context->bitcount += freespace << 3;
1085 len -= freespace;
1086 data += freespace;
1087 isc_sha256_transform(context,
1088 (isc_uint32_t*)context->buffer);
1089 } else {
1090 /* The buffer is not yet full */
1091 memmove(&context->buffer[usedspace], data, len);
1092 context->bitcount += len << 3;
1093 /* Clean up: */
1094 usedspace = freespace = 0;
1095 /* Avoid compiler warnings: */
1096 POST(usedspace); POST(freespace);
1097 return;
1098 }
1099 }
1100 while (len >= ISC_SHA256_BLOCK_LENGTH) {
1101 /* Process as many complete blocks as we can */
1102 memmove(context->buffer, data, ISC_SHA256_BLOCK_LENGTH);
1103 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
1104 context->bitcount += ISC_SHA256_BLOCK_LENGTH << 3;
1105 len -= ISC_SHA256_BLOCK_LENGTH;
1106 data += ISC_SHA256_BLOCK_LENGTH;
1107 }
1108 if (len > 0U) {
1109 /* There's left-overs, so save 'em */
1110 memmove(context->buffer, data, len);
1111 context->bitcount += len << 3;
1112 }
1113 /* Clean up: */
1114 usedspace = freespace = 0;
1115 /* Avoid compiler warnings: */
1116 POST(usedspace); POST(freespace);
1117 }
1118
1119 void
isc_sha256_final(isc_uint8_t digest[],isc_sha256_t * context)1120 isc_sha256_final(isc_uint8_t digest[], isc_sha256_t *context) {
1121 isc_uint32_t *d = (isc_uint32_t*)digest;
1122 unsigned int usedspace;
1123
1124 /* Sanity check: */
1125 REQUIRE(context != (isc_sha256_t *)0);
1126
1127 /* If no digest buffer is passed, we don't bother doing this: */
1128 if (digest != (isc_uint8_t*)0) {
1129 usedspace = (unsigned int)((context->bitcount >> 3) %
1130 ISC_SHA256_BLOCK_LENGTH);
1131 #if BYTE_ORDER == LITTLE_ENDIAN
1132 /* Convert FROM host byte order */
1133 REVERSE64(context->bitcount,context->bitcount);
1134 #endif
1135 if (usedspace > 0) {
1136 /* Begin padding with a 1 bit: */
1137 context->buffer[usedspace++] = 0x80;
1138
1139 if (usedspace <= ISC_SHA256_SHORT_BLOCK_LENGTH) {
1140 /* Set-up for the last transform: */
1141 memset(&context->buffer[usedspace], 0,
1142 ISC_SHA256_SHORT_BLOCK_LENGTH - usedspace);
1143 } else {
1144 if (usedspace < ISC_SHA256_BLOCK_LENGTH) {
1145 memset(&context->buffer[usedspace], 0,
1146 ISC_SHA256_BLOCK_LENGTH -
1147 usedspace);
1148 }
1149 /* Do second-to-last transform: */
1150 isc_sha256_transform(context,
1151 (isc_uint32_t*)context->buffer);
1152
1153 /* And set-up for the last transform: */
1154 memset(context->buffer, 0,
1155 ISC_SHA256_SHORT_BLOCK_LENGTH);
1156 }
1157 } else {
1158 /* Set-up for the last transform: */
1159 memset(context->buffer, 0, ISC_SHA256_SHORT_BLOCK_LENGTH);
1160
1161 /* Begin padding with a 1 bit: */
1162 *context->buffer = 0x80;
1163 }
1164 /* Set the bit count: */
1165 memcpy(&context->buffer[ISC_SHA256_SHORT_BLOCK_LENGTH],
1166 &context->bitcount, sizeof(isc_uint64_t));
1167
1168 /* Final transform: */
1169 isc_sha256_transform(context, (isc_uint32_t*)context->buffer);
1170
1171 #if BYTE_ORDER == LITTLE_ENDIAN
1172 {
1173 /* Convert TO host byte order */
1174 int j;
1175 for (j = 0; j < 8; j++) {
1176 REVERSE32(context->state[j],context->state[j]);
1177 *d++ = context->state[j];
1178 }
1179 }
1180 #else
1181 memmove(d, context->state, ISC_SHA256_DIGESTLENGTH);
1182 #endif
1183 }
1184
1185 /* Clean up state data: */
1186 memset(context, 0, sizeof(*context));
1187 usedspace = 0;
1188 POST(usedspace);
1189 }
1190
1191 /*** SHA-512: *********************************************************/
1192 void
isc_sha512_init(isc_sha512_t * context)1193 isc_sha512_init(isc_sha512_t *context) {
1194 if (context == (isc_sha512_t *)0) {
1195 return;
1196 }
1197 memmove(context->state, sha512_initial_hash_value,
1198 ISC_SHA512_DIGESTLENGTH);
1199 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH);
1200 context->bitcount[0] = context->bitcount[1] = 0;
1201 }
1202
1203 void
isc_sha512_invalidate(isc_sha512_t * context)1204 isc_sha512_invalidate(isc_sha512_t *context) {
1205 memset(context, 0, sizeof(isc_sha512_t));
1206 }
1207
1208 #ifdef ISC_SHA2_UNROLL_TRANSFORM
1209
1210 /* Unrolled SHA-512 round macros: */
1211 #if BYTE_ORDER == LITTLE_ENDIAN
1212
1213 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
1214 REVERSE64(*data++, W512[j]); \
1215 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
1216 K512[j] + W512[j]; \
1217 (d) += T1, \
1218 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
1219 j++
1220
1221
1222 #else /* BYTE_ORDER == LITTLE_ENDIAN */
1223
1224 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
1225 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
1226 K512[j] + (W512[j] = *data++); \
1227 (d) += T1; \
1228 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
1229 j++
1230
1231 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
1232
1233 #define ROUND512(a,b,c,d,e,f,g,h) \
1234 s0 = W512[(j+1)&0x0f]; \
1235 s0 = sigma0_512(s0); \
1236 s1 = W512[(j+14)&0x0f]; \
1237 s1 = sigma1_512(s1); \
1238 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
1239 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
1240 (d) += T1; \
1241 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
1242 j++
1243
isc_sha512_transform(isc_sha512_t * context,const isc_uint64_t * data)1244 void isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
1245 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
1246 isc_uint64_t T1, *W512 = (isc_uint64_t*)context->buffer;
1247 int j;
1248
1249 /* Initialize registers with the prev. intermediate value */
1250 a = context->state[0];
1251 b = context->state[1];
1252 c = context->state[2];
1253 d = context->state[3];
1254 e = context->state[4];
1255 f = context->state[5];
1256 g = context->state[6];
1257 h = context->state[7];
1258
1259 j = 0;
1260 do {
1261 ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
1262 ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
1263 ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
1264 ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
1265 ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
1266 ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
1267 ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
1268 ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
1269 } while (j < 16);
1270
1271 /* Now for the remaining rounds up to 79: */
1272 do {
1273 ROUND512(a,b,c,d,e,f,g,h);
1274 ROUND512(h,a,b,c,d,e,f,g);
1275 ROUND512(g,h,a,b,c,d,e,f);
1276 ROUND512(f,g,h,a,b,c,d,e);
1277 ROUND512(e,f,g,h,a,b,c,d);
1278 ROUND512(d,e,f,g,h,a,b,c);
1279 ROUND512(c,d,e,f,g,h,a,b);
1280 ROUND512(b,c,d,e,f,g,h,a);
1281 } while (j < 80);
1282
1283 /* Compute the current intermediate hash value */
1284 context->state[0] += a;
1285 context->state[1] += b;
1286 context->state[2] += c;
1287 context->state[3] += d;
1288 context->state[4] += e;
1289 context->state[5] += f;
1290 context->state[6] += g;
1291 context->state[7] += h;
1292
1293 /* Clean up */
1294 a = b = c = d = e = f = g = h = T1 = 0;
1295 /* Avoid compiler warnings */
1296 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f);
1297 POST(g); POST(h); POST(T1);
1298 }
1299
1300 #else /* ISC_SHA2_UNROLL_TRANSFORM */
1301
1302 void
isc_sha512_transform(isc_sha512_t * context,const isc_uint64_t * data)1303 isc_sha512_transform(isc_sha512_t *context, const isc_uint64_t* data) {
1304 isc_uint64_t a, b, c, d, e, f, g, h, s0, s1;
1305 isc_uint64_t T1, T2, *W512 = (isc_uint64_t*)context->buffer;
1306 int j;
1307
1308 /* Initialize registers with the prev. intermediate value */
1309 a = context->state[0];
1310 b = context->state[1];
1311 c = context->state[2];
1312 d = context->state[3];
1313 e = context->state[4];
1314 f = context->state[5];
1315 g = context->state[6];
1316 h = context->state[7];
1317
1318 j = 0;
1319 do {
1320 #if BYTE_ORDER == LITTLE_ENDIAN
1321 /* Convert TO host byte order */
1322 REVERSE64(*data++, W512[j]);
1323 /* Apply the SHA-512 compression function to update a..h */
1324 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
1325 #else /* BYTE_ORDER == LITTLE_ENDIAN */
1326 /* Apply the SHA-512 compression function to update a..h with copy */
1327 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
1328 #endif /* BYTE_ORDER == LITTLE_ENDIAN */
1329 T2 = Sigma0_512(a) + Maj(a, b, c);
1330 h = g;
1331 g = f;
1332 f = e;
1333 e = d + T1;
1334 d = c;
1335 c = b;
1336 b = a;
1337 a = T1 + T2;
1338
1339 j++;
1340 } while (j < 16);
1341
1342 do {
1343 /* Part of the message block expansion: */
1344 s0 = W512[(j+1)&0x0f];
1345 s0 = sigma0_512(s0);
1346 s1 = W512[(j+14)&0x0f];
1347 s1 = sigma1_512(s1);
1348
1349 /* Apply the SHA-512 compression function to update a..h */
1350 T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
1351 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
1352 T2 = Sigma0_512(a) + Maj(a, b, c);
1353 h = g;
1354 g = f;
1355 f = e;
1356 e = d + T1;
1357 d = c;
1358 c = b;
1359 b = a;
1360 a = T1 + T2;
1361
1362 j++;
1363 } while (j < 80);
1364
1365 /* Compute the current intermediate hash value */
1366 context->state[0] += a;
1367 context->state[1] += b;
1368 context->state[2] += c;
1369 context->state[3] += d;
1370 context->state[4] += e;
1371 context->state[5] += f;
1372 context->state[6] += g;
1373 context->state[7] += h;
1374
1375 /* Clean up */
1376 a = b = c = d = e = f = g = h = T1 = T2 = 0;
1377 /* Avoid compiler warnings */
1378 POST(a); POST(b); POST(c); POST(d); POST(e); POST(f);
1379 POST(g); POST(h); POST(T1); POST(T2);
1380 }
1381
1382 #endif /* ISC_SHA2_UNROLL_TRANSFORM */
1383
isc_sha512_update(isc_sha512_t * context,const isc_uint8_t * data,size_t len)1384 void isc_sha512_update(isc_sha512_t *context, const isc_uint8_t *data, size_t len) {
1385 unsigned int freespace, usedspace;
1386
1387 if (len == 0U) {
1388 /* Calling with no data is valid - we do nothing */
1389 return;
1390 }
1391
1392 /* Sanity check: */
1393 REQUIRE(context != (isc_sha512_t *)0 && data != (isc_uint8_t*)0);
1394
1395 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1396 ISC_SHA512_BLOCK_LENGTH);
1397 if (usedspace > 0) {
1398 /* Calculate how much free space is available in the buffer */
1399 freespace = ISC_SHA512_BLOCK_LENGTH - usedspace;
1400
1401 if (len >= freespace) {
1402 /* Fill the buffer completely and process it */
1403 memmove(&context->buffer[usedspace], data, freespace);
1404 ADDINC128(context->bitcount, freespace << 3);
1405 len -= freespace;
1406 data += freespace;
1407 isc_sha512_transform(context,
1408 (isc_uint64_t*)context->buffer);
1409 } else {
1410 /* The buffer is not yet full */
1411 memmove(&context->buffer[usedspace], data, len);
1412 ADDINC128(context->bitcount, len << 3);
1413 /* Clean up: */
1414 usedspace = freespace = 0;
1415 /* Avoid compiler warnings: */
1416 POST(usedspace); POST(freespace);
1417 return;
1418 }
1419 }
1420 while (len >= ISC_SHA512_BLOCK_LENGTH) {
1421 /* Process as many complete blocks as we can */
1422 memmove(context->buffer, data, ISC_SHA512_BLOCK_LENGTH);
1423 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1424 ADDINC128(context->bitcount, ISC_SHA512_BLOCK_LENGTH << 3);
1425 len -= ISC_SHA512_BLOCK_LENGTH;
1426 data += ISC_SHA512_BLOCK_LENGTH;
1427 }
1428 if (len > 0U) {
1429 /* There's left-overs, so save 'em */
1430 memmove(context->buffer, data, len);
1431 ADDINC128(context->bitcount, len << 3);
1432 }
1433 /* Clean up: */
1434 usedspace = freespace = 0;
1435 /* Avoid compiler warnings: */
1436 POST(usedspace); POST(freespace);
1437 }
1438
isc_sha512_last(isc_sha512_t * context)1439 void isc_sha512_last(isc_sha512_t *context) {
1440 unsigned int usedspace;
1441
1442 usedspace = (unsigned int)((context->bitcount[0] >> 3) %
1443 ISC_SHA512_BLOCK_LENGTH);
1444 #if BYTE_ORDER == LITTLE_ENDIAN
1445 /* Convert FROM host byte order */
1446 REVERSE64(context->bitcount[0],context->bitcount[0]);
1447 REVERSE64(context->bitcount[1],context->bitcount[1]);
1448 #endif
1449 if (usedspace > 0) {
1450 /* Begin padding with a 1 bit: */
1451 context->buffer[usedspace++] = 0x80;
1452
1453 if (usedspace <= ISC_SHA512_SHORT_BLOCK_LENGTH) {
1454 /* Set-up for the last transform: */
1455 memset(&context->buffer[usedspace], 0,
1456 ISC_SHA512_SHORT_BLOCK_LENGTH - usedspace);
1457 } else {
1458 if (usedspace < ISC_SHA512_BLOCK_LENGTH) {
1459 memset(&context->buffer[usedspace], 0,
1460 ISC_SHA512_BLOCK_LENGTH - usedspace);
1461 }
1462 /* Do second-to-last transform: */
1463 isc_sha512_transform(context,
1464 (isc_uint64_t*)context->buffer);
1465
1466 /* And set-up for the last transform: */
1467 memset(context->buffer, 0, ISC_SHA512_BLOCK_LENGTH - 2);
1468 }
1469 } else {
1470 /* Prepare for final transform: */
1471 memset(context->buffer, 0, ISC_SHA512_SHORT_BLOCK_LENGTH);
1472
1473 /* Begin padding with a 1 bit: */
1474 *context->buffer = 0x80;
1475 }
1476 /* Store the length of input data (in bits): */
1477 memcpy(&context->buffer[ISC_SHA512_SHORT_BLOCK_LENGTH+8],
1478 &context->bitcount[0], sizeof(isc_uint64_t));
1479
1480 /* Final transform: */
1481 isc_sha512_transform(context, (isc_uint64_t*)context->buffer);
1482 }
1483
isc_sha512_final(isc_uint8_t digest[],isc_sha512_t * context)1484 void isc_sha512_final(isc_uint8_t digest[], isc_sha512_t *context) {
1485 isc_uint64_t *d = (isc_uint64_t*)digest;
1486
1487 /* Sanity check: */
1488 REQUIRE(context != (isc_sha512_t *)0);
1489
1490 /* If no digest buffer is passed, we don't bother doing this: */
1491 if (digest != (isc_uint8_t*)0) {
1492 isc_sha512_last(context);
1493
1494 /* Save the hash data for output: */
1495 #if BYTE_ORDER == LITTLE_ENDIAN
1496 {
1497 /* Convert TO host byte order */
1498 int j;
1499 for (j = 0; j < 8; j++) {
1500 REVERSE64(context->state[j],context->state[j]);
1501 *d++ = context->state[j];
1502 }
1503 }
1504 #else
1505 memmove(d, context->state, ISC_SHA512_DIGESTLENGTH);
1506 #endif
1507 }
1508
1509 /* Zero out state data */
1510 memset(context, 0, sizeof(*context));
1511 }
1512
1513
1514 /*** SHA-384: *********************************************************/
1515 void
isc_sha384_init(isc_sha384_t * context)1516 isc_sha384_init(isc_sha384_t *context) {
1517 if (context == (isc_sha384_t *)0) {
1518 return;
1519 }
1520 memmove(context->state, sha384_initial_hash_value,
1521 ISC_SHA512_DIGESTLENGTH);
1522 memset(context->buffer, 0, ISC_SHA384_BLOCK_LENGTH);
1523 context->bitcount[0] = context->bitcount[1] = 0;
1524 }
1525
1526 void
isc_sha384_invalidate(isc_sha384_t * context)1527 isc_sha384_invalidate(isc_sha384_t *context) {
1528 memset(context, 0, sizeof(isc_sha384_t));
1529 }
1530
1531 void
isc_sha384_update(isc_sha384_t * context,const isc_uint8_t * data,size_t len)1532 isc_sha384_update(isc_sha384_t *context, const isc_uint8_t* data, size_t len) {
1533 isc_sha512_update((isc_sha512_t *)context, data, len);
1534 }
1535
1536 void
isc_sha384_final(isc_uint8_t digest[],isc_sha384_t * context)1537 isc_sha384_final(isc_uint8_t digest[], isc_sha384_t *context) {
1538 isc_uint64_t *d = (isc_uint64_t*)digest;
1539
1540 /* Sanity check: */
1541 REQUIRE(context != (isc_sha384_t *)0);
1542
1543 /* If no digest buffer is passed, we don't bother doing this: */
1544 if (digest != (isc_uint8_t*)0) {
1545 isc_sha512_last((isc_sha512_t *)context);
1546
1547 /* Save the hash data for output: */
1548 #if BYTE_ORDER == LITTLE_ENDIAN
1549 {
1550 /* Convert TO host byte order */
1551 int j;
1552 for (j = 0; j < 6; j++) {
1553 REVERSE64(context->state[j],context->state[j]);
1554 *d++ = context->state[j];
1555 }
1556 }
1557 #else
1558 memmove(d, context->state, ISC_SHA384_DIGESTLENGTH);
1559 #endif
1560 }
1561
1562 /* Zero out state data */
1563 memset(context, 0, sizeof(*context));
1564 }
1565 #endif /* !ISC_PLATFORM_OPENSSLHASH */
1566
1567 /*
1568 * Constant used by SHA256/384/512_End() functions for converting the
1569 * digest to a readable hexadecimal character string:
1570 */
1571 static const char *sha2_hex_digits = "0123456789abcdef";
1572
1573 char *
isc_sha224_end(isc_sha224_t * context,char buffer[])1574 isc_sha224_end(isc_sha224_t *context, char buffer[]) {
1575 isc_uint8_t digest[ISC_SHA224_DIGESTLENGTH], *d = digest;
1576 unsigned int i;
1577
1578 /* Sanity check: */
1579 REQUIRE(context != (isc_sha224_t *)0);
1580
1581 if (buffer != (char*)0) {
1582 isc_sha224_final(digest, context);
1583
1584 for (i = 0; i < ISC_SHA224_DIGESTLENGTH; i++) {
1585 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1586 *buffer++ = sha2_hex_digits[*d & 0x0f];
1587 d++;
1588 }
1589 *buffer = (char)0;
1590 } else {
1591 #ifdef ISC_PLATFORM_OPENSSLHASH
1592 EVP_MD_CTX_cleanup(context);
1593 #elif PKCS11CRYPTO
1594 pk11_return_session(context);
1595 #else
1596 memset(context, 0, sizeof(*context));
1597 #endif
1598 }
1599 memset(digest, 0, ISC_SHA224_DIGESTLENGTH);
1600 return buffer;
1601 }
1602
1603 char *
isc_sha224_data(const isc_uint8_t * data,size_t len,char digest[ISC_SHA224_DIGESTSTRINGLENGTH])1604 isc_sha224_data(const isc_uint8_t *data, size_t len,
1605 char digest[ISC_SHA224_DIGESTSTRINGLENGTH])
1606 {
1607 isc_sha224_t context;
1608
1609 isc_sha224_init(&context);
1610 isc_sha224_update(&context, data, len);
1611 return (isc_sha224_end(&context, digest));
1612 }
1613
1614 char *
isc_sha256_end(isc_sha256_t * context,char buffer[])1615 isc_sha256_end(isc_sha256_t *context, char buffer[]) {
1616 isc_uint8_t digest[ISC_SHA256_DIGESTLENGTH], *d = digest;
1617 unsigned int i;
1618
1619 /* Sanity check: */
1620 REQUIRE(context != (isc_sha256_t *)0);
1621
1622 if (buffer != (char*)0) {
1623 isc_sha256_final(digest, context);
1624
1625 for (i = 0; i < ISC_SHA256_DIGESTLENGTH; i++) {
1626 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1627 *buffer++ = sha2_hex_digits[*d & 0x0f];
1628 d++;
1629 }
1630 *buffer = (char)0;
1631 } else {
1632 #ifdef ISC_PLATFORM_OPENSSLHASH
1633 EVP_MD_CTX_cleanup(context);
1634 #elif PKCS11CRYPTO
1635 pk11_return_session(context);
1636 #else
1637 memset(context, 0, sizeof(*context));
1638 #endif
1639 }
1640 memset(digest, 0, ISC_SHA256_DIGESTLENGTH);
1641 return buffer;
1642 }
1643
1644 char *
isc_sha256_data(const isc_uint8_t * data,size_t len,char digest[ISC_SHA256_DIGESTSTRINGLENGTH])1645 isc_sha256_data(const isc_uint8_t* data, size_t len,
1646 char digest[ISC_SHA256_DIGESTSTRINGLENGTH])
1647 {
1648 isc_sha256_t context;
1649
1650 isc_sha256_init(&context);
1651 isc_sha256_update(&context, data, len);
1652 return (isc_sha256_end(&context, digest));
1653 }
1654
1655 char *
isc_sha512_end(isc_sha512_t * context,char buffer[])1656 isc_sha512_end(isc_sha512_t *context, char buffer[]) {
1657 isc_uint8_t digest[ISC_SHA512_DIGESTLENGTH], *d = digest;
1658 unsigned int i;
1659
1660 /* Sanity check: */
1661 REQUIRE(context != (isc_sha512_t *)0);
1662
1663 if (buffer != (char*)0) {
1664 isc_sha512_final(digest, context);
1665
1666 for (i = 0; i < ISC_SHA512_DIGESTLENGTH; i++) {
1667 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1668 *buffer++ = sha2_hex_digits[*d & 0x0f];
1669 d++;
1670 }
1671 *buffer = (char)0;
1672 } else {
1673 #ifdef ISC_PLATFORM_OPENSSLHASH
1674 EVP_MD_CTX_cleanup(context);
1675 #elif PKCS11CRYPTO
1676 pk11_return_session(context);
1677 #else
1678 memset(context, 0, sizeof(*context));
1679 #endif
1680 }
1681 memset(digest, 0, ISC_SHA512_DIGESTLENGTH);
1682 return buffer;
1683 }
1684
1685 char *
isc_sha512_data(const isc_uint8_t * data,size_t len,char digest[ISC_SHA512_DIGESTSTRINGLENGTH])1686 isc_sha512_data(const isc_uint8_t *data, size_t len,
1687 char digest[ISC_SHA512_DIGESTSTRINGLENGTH])
1688 {
1689 isc_sha512_t context;
1690
1691 isc_sha512_init(&context);
1692 isc_sha512_update(&context, data, len);
1693 return (isc_sha512_end(&context, digest));
1694 }
1695
1696 char *
isc_sha384_end(isc_sha384_t * context,char buffer[])1697 isc_sha384_end(isc_sha384_t *context, char buffer[]) {
1698 isc_uint8_t digest[ISC_SHA384_DIGESTLENGTH], *d = digest;
1699 unsigned int i;
1700
1701 /* Sanity check: */
1702 REQUIRE(context != (isc_sha384_t *)0);
1703
1704 if (buffer != (char*)0) {
1705 isc_sha384_final(digest, context);
1706
1707 for (i = 0; i < ISC_SHA384_DIGESTLENGTH; i++) {
1708 *buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
1709 *buffer++ = sha2_hex_digits[*d & 0x0f];
1710 d++;
1711 }
1712 *buffer = (char)0;
1713 } else {
1714 #ifdef ISC_PLATFORM_OPENSSLHASH
1715 EVP_MD_CTX_cleanup(context);
1716 #elif PKCS11CRYPTO
1717 pk11_return_session(context);
1718 #else
1719 memset(context, 0, sizeof(*context));
1720 #endif
1721 }
1722 memset(digest, 0, ISC_SHA384_DIGESTLENGTH);
1723 return buffer;
1724 }
1725
1726 char *
isc_sha384_data(const isc_uint8_t * data,size_t len,char digest[ISC_SHA384_DIGESTSTRINGLENGTH])1727 isc_sha384_data(const isc_uint8_t *data, size_t len,
1728 char digest[ISC_SHA384_DIGESTSTRINGLENGTH])
1729 {
1730 isc_sha384_t context;
1731
1732 isc_sha384_init(&context);
1733 isc_sha384_update(&context, data, len);
1734 return (isc_sha384_end(&context, digest));
1735 }
1736