91 #if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN)
92 #error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
109 #ifdef SHA2_USE_INTTYPES_H
126 #define SHA256_SHORT_BLOCK_LENGTH (SHA256_BLOCK_LENGTH - 8)
127 #define SHA384_SHORT_BLOCK_LENGTH (SHA384_BLOCK_LENGTH - 16)
128 #define SHA512_SHORT_BLOCK_LENGTH (SHA512_BLOCK_LENGTH - 16)
131 #if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || defined(__GNUC__) || defined(_HPUX_SOURCE) || defined(__IBMC__)
132 #define ULL(number) number##ULL
134 #define ULL(number) (uint64_t)(number)
137 #if BYTE_ORDER == LITTLE_ENDIAN
138 #define REVERSE32(w,x) { \
139 sha2_word32 tmp = (w); \
140 tmp = (tmp >> 16) | (tmp << 16); \
141 (x) = ((tmp & (sha2_word32)0xff00ff00UL) >> 8) | ((tmp & (sha2_word32)0x00ff00ffUL) << 8); \
143 #define REVERSE64(w,x) { \
144 sha2_word64 tmp = (w); \
145 tmp = (tmp >> 32) | (tmp << 32); \
146 tmp = ((tmp & ULL(0xff00ff00ff00ff00)) >> 8) | \
147 ((tmp & ULL(0x00ff00ff00ff00ff)) << 8); \
148 (x) = ((tmp & ULL(0xffff0000ffff0000)) >> 16) | \
149 ((tmp & ULL(0x0000ffff0000ffff)) << 16); \
158 #define ADDINC128(w,n) { \
159 (w)[0] += (sha2_word64)(n); \
160 if ((w)[0] < (n)) { \
174 #if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY)
176 #define SHA2_USE_MEMSET_MEMCPY 1
178 #if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY)
180 #error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both!
183 #ifdef SHA2_USE_MEMSET_MEMCPY
184 #define MEMSET_BZERO(p,l) memset((p), 0, (l))
185 #define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
187 #ifdef SHA2_USE_BZERO_BCOPY
188 #define MEMSET_BZERO(p,l) bzero((p), (l))
189 #define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
203 #define R(b,x) ((x) >> (b))
205 #define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b))))
207 #define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b))))
210 #define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z)))
211 #define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
214 #define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
215 #define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
216 #define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x)))
217 #define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
220 #define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
221 #define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
222 #define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x)))
223 #define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x)))
238 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
239 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
240 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
241 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
242 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
243 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
244 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
245 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
246 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
247 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
248 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
249 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
250 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
251 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
252 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
253 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
270 ULL(0x428a2f98d728ae22),
ULL(0x7137449123ef65cd),
271 ULL(0xb5c0fbcfec4d3b2f),
ULL(0xe9b5dba58189dbbc),
272 ULL(0x3956c25bf348b538),
ULL(0x59f111f1b605d019),
273 ULL(0x923f82a4af194f9b),
ULL(0xab1c5ed5da6d8118),
274 ULL(0xd807aa98a3030242),
ULL(0x12835b0145706fbe),
275 ULL(0x243185be4ee4b28c),
ULL(0x550c7dc3d5ffb4e2),
276 ULL(0x72be5d74f27b896f),
ULL(0x80deb1fe3b1696b1),
277 ULL(0x9bdc06a725c71235),
ULL(0xc19bf174cf692694),
278 ULL(0xe49b69c19ef14ad2),
ULL(0xefbe4786384f25e3),
279 ULL(0x0fc19dc68b8cd5b5),
ULL(0x240ca1cc77ac9c65),
280 ULL(0x2de92c6f592b0275),
ULL(0x4a7484aa6ea6e483),
281 ULL(0x5cb0a9dcbd41fbd4),
ULL(0x76f988da831153b5),
282 ULL(0x983e5152ee66dfab),
ULL(0xa831c66d2db43210),
283 ULL(0xb00327c898fb213f),
ULL(0xbf597fc7beef0ee4),
284 ULL(0xc6e00bf33da88fc2),
ULL(0xd5a79147930aa725),
285 ULL(0x06ca6351e003826f),
ULL(0x142929670a0e6e70),
286 ULL(0x27b70a8546d22ffc),
ULL(0x2e1b21385c26c926),
287 ULL(0x4d2c6dfc5ac42aed),
ULL(0x53380d139d95b3df),
288 ULL(0x650a73548baf63de),
ULL(0x766a0abb3c77b2a8),
289 ULL(0x81c2c92e47edaee6),
ULL(0x92722c851482353b),
290 ULL(0xa2bfe8a14cf10364),
ULL(0xa81a664bbc423001),
291 ULL(0xc24b8b70d0f89791),
ULL(0xc76c51a30654be30),
292 ULL(0xd192e819d6ef5218),
ULL(0xd69906245565a910),
293 ULL(0xf40e35855771202a),
ULL(0x106aa07032bbd1b8),
294 ULL(0x19a4c116b8d2d0c8),
ULL(0x1e376c085141ab53),
295 ULL(0x2748774cdf8eeb99),
ULL(0x34b0bcb5e19b48a8),
296 ULL(0x391c0cb3c5c95a63),
ULL(0x4ed8aa4ae3418acb),
297 ULL(0x5b9cca4f7763e373),
ULL(0x682e6ff3d6b2b8a3),
298 ULL(0x748f82ee5defb2fc),
ULL(0x78a5636f43172f60),
299 ULL(0x84c87814a1f0ab72),
ULL(0x8cc702081a6439ec),
300 ULL(0x90befffa23631e28),
ULL(0xa4506cebde82bde9),
301 ULL(0xbef9a3f7b2c67915),
ULL(0xc67178f2e372532b),
302 ULL(0xca273eceea26619c),
ULL(0xd186b8c721c0c207),
303 ULL(0xeada7dd6cde0eb1e),
ULL(0xf57d4f7fee6ed178),
304 ULL(0x06f067aa72176fba),
ULL(0x0a637dc5a2c898a6),
305 ULL(0x113f9804bef90dae),
ULL(0x1b710b35131c471b),
306 ULL(0x28db77f523047d84),
ULL(0x32caab7b40c72493),
307 ULL(0x3c9ebe0a15c9bebc),
ULL(0x431d67c49c100d4c),
308 ULL(0x4cc5d4becb3e42b6),
ULL(0x597f299cfc657e2a),
309 ULL(0x5fcb6fab3ad6faec),
ULL(0x6c44198c4a475817)
314 ULL(0xcbbb9d5dc1059ed8),
315 ULL(0x629a292a367cd507),
316 ULL(0x9159015a3070dd17),
317 ULL(0x152fecd8f70e5939),
318 ULL(0x67332667ffc00b31),
319 ULL(0x8eb44a8768581511),
320 ULL(0xdb0c2e0d64f98fa7),
321 ULL(0x47b5481dbefa4fa4)
326 ULL(0x6a09e667f3bcc908),
327 ULL(0xbb67ae8584caa73b),
328 ULL(0x3c6ef372fe94f82b),
329 ULL(0xa54ff53a5f1d36f1),
330 ULL(0x510e527fade682d1),
331 ULL(0x9b05688c2b3e6c1f),
332 ULL(0x1f83d9abfb41bd6b),
333 ULL(0x5be0cd19137e2179)
353 #ifdef SHA2_UNROLL_TRANSFORM
357 #if BYTE_ORDER == LITTLE_ENDIAN
359 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
360 REVERSE32(*data++, W256[j]); \
361 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
364 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
370 #define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \
371 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \
372 K256[j] + (W256[j] = *data++); \
374 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
379 #define ROUND256(a,b,c,d,e,f,g,h) \
380 s0 = W256[(j+1)&0x0f]; \
381 s0 = sigma0_256(s0); \
382 s1 = W256[(j+14)&0x0f]; \
383 s1 = sigma1_256(s1); \
384 T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \
385 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \
387 (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \
398 a = context->
state[0];
399 b = context->
state[1];
400 c = context->
state[2];
401 d = context->
state[3];
402 e = context->
state[4];
403 f = context->
state[5];
404 g = context->
state[6];
405 h = context->
state[7];
410 ROUND256_0_TO_15(a,b,c,d,e,f,g,h);
411 ROUND256_0_TO_15(h,a,b,c,d,e,f,g);
412 ROUND256_0_TO_15(g,h,a,b,c,d,e,f);
413 ROUND256_0_TO_15(f,g,h,a,b,c,d,e);
414 ROUND256_0_TO_15(e,f,g,h,a,b,c,d);
415 ROUND256_0_TO_15(d,e,f,g,h,a,b,c);
416 ROUND256_0_TO_15(c,d,e,f,g,h,a,b);
417 ROUND256_0_TO_15(b,c,d,e,f,g,h,a);
422 ROUND256(a,b,c,d,e,f,g,h);
423 ROUND256(h,a,b,c,d,e,f,g);
424 ROUND256(g,h,a,b,c,d,e,f);
425 ROUND256(f,g,h,a,b,c,d,e);
426 ROUND256(e,f,g,h,a,b,c,d);
427 ROUND256(d,e,f,g,h,a,b,c);
428 ROUND256(c,d,e,f,g,h,a,b);
429 ROUND256(b,c,d,e,f,g,h,a);
433 context->
state[0] += a;
434 context->
state[1] += b;
436 context->
state[3] += d;
437 context->
state[4] += e;
439 context->
state[6] += g;
440 context->
state[7] += h;
443 a = b = c = d = e = f = g = h = T1 = 0;
456 a = context->
state[0];
457 b = context->
state[1];
458 c = context->
state[2];
459 d = context->
state[3];
460 e = context->
state[4];
461 f = context->
state[5];
462 g = context->
state[6];
463 h = context->
state[7];
491 s0 = W256[(j+1)&0x0f];
493 s1 = W256[(j+14)&0x0f];
498 (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0);
513 context->
state[0] += a;
514 context->
state[1] += b;
516 context->
state[3] += d;
517 context->
state[4] += e;
519 context->
state[6] += g;
520 context->
state[7] += h;
523 a = b = c = d = e = f = g = h = T1 =
T2 = 0;
529 unsigned int freespace, usedspace;
544 if (len >= freespace) {
547 context->
bitcount += freespace << 3;
556 usedspace = freespace = 0;
574 usedspace = freespace = 0;
579 unsigned int usedspace;
587 #if BYTE_ORDER == LITTLE_ENDIAN
593 context->
buffer[usedspace++] = 0x80;
621 #if BYTE_ORDER == LITTLE_ENDIAN
625 for (j = 0; j < 8; j++) {
627 *d++ = context->
state[j];
647 if (buffer != (
char*)0) {
681 #ifdef SHA2_UNROLL_TRANSFORM
684 #if BYTE_ORDER == LITTLE_ENDIAN
686 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
687 REVERSE64(*data++, W512[j]); \
688 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
691 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \
697 #define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \
698 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \
699 K512[j] + (W512[j] = *data++); \
701 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
706 #define ROUND512(a,b,c,d,e,f,g,h) \
707 s0 = W512[(j+1)&0x0f]; \
708 s0 = sigma0_512(s0); \
709 s1 = W512[(j+14)&0x0f]; \
710 s1 = sigma1_512(s1); \
711 T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \
712 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \
714 (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \
723 a = context->
state[0];
724 b = context->
state[1];
725 c = context->
state[2];
726 d = context->
state[3];
727 e = context->
state[4];
728 f = context->
state[5];
729 g = context->
state[6];
730 h = context->
state[7];
734 ROUND512_0_TO_15(a,b,c,d,e,f,g,h);
735 ROUND512_0_TO_15(h,a,b,c,d,e,f,g);
736 ROUND512_0_TO_15(g,h,a,b,c,d,e,f);
737 ROUND512_0_TO_15(f,g,h,a,b,c,d,e);
738 ROUND512_0_TO_15(e,f,g,h,a,b,c,d);
739 ROUND512_0_TO_15(d,e,f,g,h,a,b,c);
740 ROUND512_0_TO_15(c,d,e,f,g,h,a,b);
741 ROUND512_0_TO_15(b,c,d,e,f,g,h,a);
746 ROUND512(a,b,c,d,e,f,g,h);
747 ROUND512(h,a,b,c,d,e,f,g);
748 ROUND512(g,h,a,b,c,d,e,f);
749 ROUND512(f,g,h,a,b,c,d,e);
750 ROUND512(e,f,g,h,a,b,c,d);
751 ROUND512(d,e,f,g,h,a,b,c);
752 ROUND512(c,d,e,f,g,h,a,b);
753 ROUND512(b,c,d,e,f,g,h,a);
757 context->
state[0] += a;
758 context->
state[1] += b;
760 context->
state[3] += d;
761 context->
state[4] += e;
763 context->
state[6] += g;
764 context->
state[7] += h;
767 a = b = c = d = e = f = g = h = T1 = 0;
778 a = context->
state[0];
779 b = context->
state[1];
780 c = context->
state[2];
781 d = context->
state[3];
782 e = context->
state[4];
783 f = context->
state[5];
784 g = context->
state[6];
785 h = context->
state[7];
813 s0 = W512[(j+1)&0x0f];
815 s1 = W512[(j+14)&0x0f];
820 (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
835 context->
state[0] += a;
836 context->
state[1] += b;
838 context->
state[3] += d;
839 context->
state[4] += e;
841 context->
state[6] += g;
842 context->
state[7] += h;
845 a = b = c = d = e = f = g = h = T1 =
T2 = 0;
851 unsigned int freespace, usedspace;
866 if (len >= freespace) {
878 usedspace = freespace = 0;
896 usedspace = freespace = 0;
900 unsigned int usedspace;
903 #if BYTE_ORDER == LITTLE_ENDIAN
910 context->
buffer[usedspace++] = 0x80;
951 #if BYTE_ORDER == LITTLE_ENDIAN
955 for (j = 0; j < 8; j++) {
957 *d++ = context->
state[j];
976 if (buffer != (
char*)0) {
1025 #if BYTE_ORDER == LITTLE_ENDIAN
1029 for (j = 0; j < 6; j++) {
1031 *d++ = context->
state[j];
1050 if (buffer != (
char*)0) {
void SHA256_Init(SHA256_CTX *context)
#define SHA256_DIGEST_STRING_LENGTH
#define SHA384_BLOCK_LENGTH
static const sha2_word64 sha512_initial_hash_value[8]
char * SHA384_End(SHA384_CTX *context, char buffer[])
#define SHA256_BLOCK_LENGTH
static const sha2_word32 K256[64]
void SHA256_Update(SHA256_CTX *context, const sha2_byte *data, size_t len)
uint8_t buffer[SHA512_BLOCK_LENGTH]
void SHA512_Transform(SHA512_CTX *, const sha2_word64 *)
char * SHA512_End(SHA512_CTX *context, char buffer[])
char * SHA256_End(SHA256_CTX *context, char buffer[])
static const sha2_word64 K512[80]
unsigned long long uint64_t
void SHA512_Last(SHA512_CTX *)
#define MEMCPY_BCOPY(d, s, l)
void SHA512_Final(sha2_byte digest[], SHA512_CTX *context)
#define MEMSET_BZERO(p, l)
void SHA384_Init(SHA384_CTX *context)
#define SHA384_DIGEST_LENGTH
void SHA384_Final(sha2_byte digest[], SHA384_CTX *context)
static const sha2_word32 sha256_initial_hash_value[8]
static const char * sha2_hex_digits
void SHA256_Final(sha2_byte digest[], SHA256_CTX *context)
char * SHA256_Data(const sha2_byte *data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH])
void SHA512_Init(SHA512_CTX *context)
void SHA384_Update(SHA384_CTX *context, const sha2_byte *data, size_t len)
char * SHA384_Data(const sha2_byte *data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH])
static const sha2_word64 sha384_initial_hash_value[8]
#define SHA256_DIGEST_LENGTH
#define SHA512_SHORT_BLOCK_LENGTH
void SHA512_Update(SHA512_CTX *context, const sha2_byte *data, size_t len)
#define SHA384_DIGEST_STRING_LENGTH
#define assert(condition)
#define SHA512_DIGEST_LENGTH
#define SHA512_BLOCK_LENGTH
#define SHA256_SHORT_BLOCK_LENGTH
void SHA256_Transform(SHA256_CTX *, const sha2_word32 *)
uint8_t buffer[SHA256_BLOCK_LENGTH]
char * SHA512_Data(const sha2_byte *data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH])
#define SHA512_DIGEST_STRING_LENGTH