1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/freebl/sha512.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,1598 @@
1.4 +/*
1.5 + * sha512.c - implementation of SHA224, SHA256, SHA384 and SHA512
1.6 + *
1.7 + * This Source Code Form is subject to the terms of the Mozilla Public
1.8 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.9 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.10 +
1.11 +#ifdef FREEBL_NO_DEPEND
1.12 +#include "stubs.h"
1.13 +#endif
1.14 +
1.15 +#include "prcpucfg.h"
1.16 +#if defined(NSS_X86) || defined(SHA_NO_LONG_LONG)
1.17 +#define NOUNROLL512 1
1.18 +#undef HAVE_LONG_LONG
1.19 +#endif
1.20 +#include "prtypes.h" /* for PRUintXX */
1.21 +#include "prlong.h"
1.22 +#include "secport.h" /* for PORT_XXX */
1.23 +#include "blapi.h"
1.24 +#include "sha256.h" /* for struct SHA256ContextStr */
1.25 +
1.26 +/* ============= Common constants and defines ======================= */
1.27 +
1.28 +#define W ctx->u.w
1.29 +#define B ctx->u.b
1.30 +#define H ctx->h
1.31 +
1.32 +#define SHR(x,n) (x >> n)
1.33 +#define SHL(x,n) (x << n)
1.34 +#define Ch(x,y,z) ((x & y) ^ (~x & z))
1.35 +#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
1.36 +#define SHA_MIN(a,b) (a < b ? a : b)
1.37 +
1.38 +/* Padding used with all flavors of SHA */
1.39 +static const PRUint8 pad[240] = {
1.40 +0x80,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
1.41 + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
1.42 + /* compiler will fill the rest in with zeros */
1.43 +};
1.44 +
1.45 +/* ============= SHA256 implementation ================================== */
1.46 +
1.47 +/* SHA-256 constants, K256. */
1.48 +static const PRUint32 K256[64] = {
1.49 + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,
1.50 + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
1.51 + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,
1.52 + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
1.53 + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,
1.54 + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
1.55 + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,
1.56 + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
1.57 + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,
1.58 + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
1.59 + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,
1.60 + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
1.61 + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,
1.62 + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
1.63 + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,
1.64 + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
1.65 +};
1.66 +
1.67 +/* SHA-256 initial hash values */
1.68 +static const PRUint32 H256[8] = {
1.69 + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
1.70 + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
1.71 +};
1.72 +
1.73 +#if (_MSC_VER >= 1300)
1.74 +#include <stdlib.h>
1.75 +#pragma intrinsic(_byteswap_ulong)
1.76 +#define SHA_HTONL(x) _byteswap_ulong(x)
1.77 +#define BYTESWAP4(x) x = SHA_HTONL(x)
1.78 +#elif defined(_MSC_VER) && defined(NSS_X86_OR_X64)
1.79 +#ifndef FORCEINLINE
1.80 +#if (_MSC_VER >= 1200)
1.81 +#define FORCEINLINE __forceinline
1.82 +#else
1.83 +#define FORCEINLINE __inline
1.84 +#endif
1.85 +#endif
1.86 +#define FASTCALL __fastcall
1.87 +
1.88 +static FORCEINLINE PRUint32 FASTCALL
1.89 +swap4b(PRUint32 dwd)
1.90 +{
1.91 + __asm {
1.92 + mov eax,dwd
1.93 + bswap eax
1.94 + }
1.95 +}
1.96 +
1.97 +#define SHA_HTONL(x) swap4b(x)
1.98 +#define BYTESWAP4(x) x = SHA_HTONL(x)
1.99 +
1.100 +#elif defined(__GNUC__) && defined(NSS_X86_OR_X64)
1.101 +static __inline__ PRUint32 swap4b(PRUint32 value)
1.102 +{
1.103 + __asm__("bswap %0" : "+r" (value));
1.104 + return (value);
1.105 +}
1.106 +#define SHA_HTONL(x) swap4b(x)
1.107 +#define BYTESWAP4(x) x = SHA_HTONL(x)
1.108 +
1.109 +#elif defined(__GNUC__) && (defined(__thumb2__) || \
1.110 + (!defined(__thumb__) && \
1.111 + (defined(__ARM_ARCH_6__) || \
1.112 + defined(__ARM_ARCH_6J__) || \
1.113 + defined(__ARM_ARCH_6K__) || \
1.114 + defined(__ARM_ARCH_6Z__) || \
1.115 + defined(__ARM_ARCH_6ZK__) || \
1.116 + defined(__ARM_ARCH_6T2__) || \
1.117 + defined(__ARM_ARCH_7__) || \
1.118 + defined(__ARM_ARCH_7A__) || \
1.119 + defined(__ARM_ARCH_7R__))))
1.120 +static __inline__ PRUint32 swap4b(PRUint32 value)
1.121 +{
1.122 + PRUint32 ret;
1.123 + __asm__("rev %0, %1" : "=r" (ret) : "r"(value));
1.124 + return ret;
1.125 +}
1.126 +#define SHA_HTONL(x) swap4b(x)
1.127 +#define BYTESWAP4(x) x = SHA_HTONL(x)
1.128 +
1.129 +#else
1.130 +#define SWAP4MASK 0x00FF00FF
1.131 +#define SHA_HTONL(x) (t1 = (x), t1 = (t1 << 16) | (t1 >> 16), \
1.132 + ((t1 & SWAP4MASK) << 8) | ((t1 >> 8) & SWAP4MASK))
1.133 +#define BYTESWAP4(x) x = SHA_HTONL(x)
1.134 +#endif
1.135 +
1.136 +#if defined(_MSC_VER)
1.137 +#pragma intrinsic (_lrotr, _lrotl)
1.138 +#define ROTR32(x,n) _lrotr(x,n)
1.139 +#define ROTL32(x,n) _lrotl(x,n)
1.140 +#else
1.141 +#define ROTR32(x,n) ((x >> n) | (x << ((8 * sizeof x) - n)))
1.142 +#define ROTL32(x,n) ((x << n) | (x >> ((8 * sizeof x) - n)))
1.143 +#endif
1.144 +
1.145 +/* Capitol Sigma and lower case sigma functions */
1.146 +#define S0(x) (ROTR32(x, 2) ^ ROTR32(x,13) ^ ROTR32(x,22))
1.147 +#define S1(x) (ROTR32(x, 6) ^ ROTR32(x,11) ^ ROTR32(x,25))
1.148 +#define s0(x) (t1 = x, ROTR32(t1, 7) ^ ROTR32(t1,18) ^ SHR(t1, 3))
1.149 +#define s1(x) (t2 = x, ROTR32(t2,17) ^ ROTR32(t2,19) ^ SHR(t2,10))
1.150 +
1.151 +SHA256Context *
1.152 +SHA256_NewContext(void)
1.153 +{
1.154 + SHA256Context *ctx = PORT_New(SHA256Context);
1.155 + return ctx;
1.156 +}
1.157 +
1.158 +void
1.159 +SHA256_DestroyContext(SHA256Context *ctx, PRBool freeit)
1.160 +{
1.161 + memset(ctx, 0, sizeof *ctx);
1.162 + if (freeit) {
1.163 + PORT_Free(ctx);
1.164 + }
1.165 +}
1.166 +
1.167 +void
1.168 +SHA256_Begin(SHA256Context *ctx)
1.169 +{
1.170 + memset(ctx, 0, sizeof *ctx);
1.171 + memcpy(H, H256, sizeof H256);
1.172 +}
1.173 +
1.174 +static void
1.175 +SHA256_Compress(SHA256Context *ctx)
1.176 +{
1.177 + {
1.178 + register PRUint32 t1, t2;
1.179 +
1.180 +#if defined(IS_LITTLE_ENDIAN)
1.181 + BYTESWAP4(W[0]);
1.182 + BYTESWAP4(W[1]);
1.183 + BYTESWAP4(W[2]);
1.184 + BYTESWAP4(W[3]);
1.185 + BYTESWAP4(W[4]);
1.186 + BYTESWAP4(W[5]);
1.187 + BYTESWAP4(W[6]);
1.188 + BYTESWAP4(W[7]);
1.189 + BYTESWAP4(W[8]);
1.190 + BYTESWAP4(W[9]);
1.191 + BYTESWAP4(W[10]);
1.192 + BYTESWAP4(W[11]);
1.193 + BYTESWAP4(W[12]);
1.194 + BYTESWAP4(W[13]);
1.195 + BYTESWAP4(W[14]);
1.196 + BYTESWAP4(W[15]);
1.197 +#endif
1.198 +
1.199 +#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
1.200 +
1.201 + /* prepare the "message schedule" */
1.202 +#ifdef NOUNROLL256
1.203 + {
1.204 + int t;
1.205 + for (t = 16; t < 64; ++t) {
1.206 + INITW(t);
1.207 + }
1.208 + }
1.209 +#else
1.210 + INITW(16);
1.211 + INITW(17);
1.212 + INITW(18);
1.213 + INITW(19);
1.214 +
1.215 + INITW(20);
1.216 + INITW(21);
1.217 + INITW(22);
1.218 + INITW(23);
1.219 + INITW(24);
1.220 + INITW(25);
1.221 + INITW(26);
1.222 + INITW(27);
1.223 + INITW(28);
1.224 + INITW(29);
1.225 +
1.226 + INITW(30);
1.227 + INITW(31);
1.228 + INITW(32);
1.229 + INITW(33);
1.230 + INITW(34);
1.231 + INITW(35);
1.232 + INITW(36);
1.233 + INITW(37);
1.234 + INITW(38);
1.235 + INITW(39);
1.236 +
1.237 + INITW(40);
1.238 + INITW(41);
1.239 + INITW(42);
1.240 + INITW(43);
1.241 + INITW(44);
1.242 + INITW(45);
1.243 + INITW(46);
1.244 + INITW(47);
1.245 + INITW(48);
1.246 + INITW(49);
1.247 +
1.248 + INITW(50);
1.249 + INITW(51);
1.250 + INITW(52);
1.251 + INITW(53);
1.252 + INITW(54);
1.253 + INITW(55);
1.254 + INITW(56);
1.255 + INITW(57);
1.256 + INITW(58);
1.257 + INITW(59);
1.258 +
1.259 + INITW(60);
1.260 + INITW(61);
1.261 + INITW(62);
1.262 + INITW(63);
1.263 +
1.264 +#endif
1.265 +#undef INITW
1.266 + }
1.267 + {
1.268 + PRUint32 a, b, c, d, e, f, g, h;
1.269 +
1.270 + a = H[0];
1.271 + b = H[1];
1.272 + c = H[2];
1.273 + d = H[3];
1.274 + e = H[4];
1.275 + f = H[5];
1.276 + g = H[6];
1.277 + h = H[7];
1.278 +
1.279 +#define ROUND(n,a,b,c,d,e,f,g,h) \
1.280 + h += S1(e) + Ch(e,f,g) + K256[n] + W[n]; \
1.281 + d += h; \
1.282 + h += S0(a) + Maj(a,b,c);
1.283 +
1.284 +#ifdef NOUNROLL256
1.285 + {
1.286 + int t;
1.287 + for (t = 0; t < 64; t+= 8) {
1.288 + ROUND(t+0,a,b,c,d,e,f,g,h)
1.289 + ROUND(t+1,h,a,b,c,d,e,f,g)
1.290 + ROUND(t+2,g,h,a,b,c,d,e,f)
1.291 + ROUND(t+3,f,g,h,a,b,c,d,e)
1.292 + ROUND(t+4,e,f,g,h,a,b,c,d)
1.293 + ROUND(t+5,d,e,f,g,h,a,b,c)
1.294 + ROUND(t+6,c,d,e,f,g,h,a,b)
1.295 + ROUND(t+7,b,c,d,e,f,g,h,a)
1.296 + }
1.297 + }
1.298 +#else
1.299 + ROUND( 0,a,b,c,d,e,f,g,h)
1.300 + ROUND( 1,h,a,b,c,d,e,f,g)
1.301 + ROUND( 2,g,h,a,b,c,d,e,f)
1.302 + ROUND( 3,f,g,h,a,b,c,d,e)
1.303 + ROUND( 4,e,f,g,h,a,b,c,d)
1.304 + ROUND( 5,d,e,f,g,h,a,b,c)
1.305 + ROUND( 6,c,d,e,f,g,h,a,b)
1.306 + ROUND( 7,b,c,d,e,f,g,h,a)
1.307 +
1.308 + ROUND( 8,a,b,c,d,e,f,g,h)
1.309 + ROUND( 9,h,a,b,c,d,e,f,g)
1.310 + ROUND(10,g,h,a,b,c,d,e,f)
1.311 + ROUND(11,f,g,h,a,b,c,d,e)
1.312 + ROUND(12,e,f,g,h,a,b,c,d)
1.313 + ROUND(13,d,e,f,g,h,a,b,c)
1.314 + ROUND(14,c,d,e,f,g,h,a,b)
1.315 + ROUND(15,b,c,d,e,f,g,h,a)
1.316 +
1.317 + ROUND(16,a,b,c,d,e,f,g,h)
1.318 + ROUND(17,h,a,b,c,d,e,f,g)
1.319 + ROUND(18,g,h,a,b,c,d,e,f)
1.320 + ROUND(19,f,g,h,a,b,c,d,e)
1.321 + ROUND(20,e,f,g,h,a,b,c,d)
1.322 + ROUND(21,d,e,f,g,h,a,b,c)
1.323 + ROUND(22,c,d,e,f,g,h,a,b)
1.324 + ROUND(23,b,c,d,e,f,g,h,a)
1.325 +
1.326 + ROUND(24,a,b,c,d,e,f,g,h)
1.327 + ROUND(25,h,a,b,c,d,e,f,g)
1.328 + ROUND(26,g,h,a,b,c,d,e,f)
1.329 + ROUND(27,f,g,h,a,b,c,d,e)
1.330 + ROUND(28,e,f,g,h,a,b,c,d)
1.331 + ROUND(29,d,e,f,g,h,a,b,c)
1.332 + ROUND(30,c,d,e,f,g,h,a,b)
1.333 + ROUND(31,b,c,d,e,f,g,h,a)
1.334 +
1.335 + ROUND(32,a,b,c,d,e,f,g,h)
1.336 + ROUND(33,h,a,b,c,d,e,f,g)
1.337 + ROUND(34,g,h,a,b,c,d,e,f)
1.338 + ROUND(35,f,g,h,a,b,c,d,e)
1.339 + ROUND(36,e,f,g,h,a,b,c,d)
1.340 + ROUND(37,d,e,f,g,h,a,b,c)
1.341 + ROUND(38,c,d,e,f,g,h,a,b)
1.342 + ROUND(39,b,c,d,e,f,g,h,a)
1.343 +
1.344 + ROUND(40,a,b,c,d,e,f,g,h)
1.345 + ROUND(41,h,a,b,c,d,e,f,g)
1.346 + ROUND(42,g,h,a,b,c,d,e,f)
1.347 + ROUND(43,f,g,h,a,b,c,d,e)
1.348 + ROUND(44,e,f,g,h,a,b,c,d)
1.349 + ROUND(45,d,e,f,g,h,a,b,c)
1.350 + ROUND(46,c,d,e,f,g,h,a,b)
1.351 + ROUND(47,b,c,d,e,f,g,h,a)
1.352 +
1.353 + ROUND(48,a,b,c,d,e,f,g,h)
1.354 + ROUND(49,h,a,b,c,d,e,f,g)
1.355 + ROUND(50,g,h,a,b,c,d,e,f)
1.356 + ROUND(51,f,g,h,a,b,c,d,e)
1.357 + ROUND(52,e,f,g,h,a,b,c,d)
1.358 + ROUND(53,d,e,f,g,h,a,b,c)
1.359 + ROUND(54,c,d,e,f,g,h,a,b)
1.360 + ROUND(55,b,c,d,e,f,g,h,a)
1.361 +
1.362 + ROUND(56,a,b,c,d,e,f,g,h)
1.363 + ROUND(57,h,a,b,c,d,e,f,g)
1.364 + ROUND(58,g,h,a,b,c,d,e,f)
1.365 + ROUND(59,f,g,h,a,b,c,d,e)
1.366 + ROUND(60,e,f,g,h,a,b,c,d)
1.367 + ROUND(61,d,e,f,g,h,a,b,c)
1.368 + ROUND(62,c,d,e,f,g,h,a,b)
1.369 + ROUND(63,b,c,d,e,f,g,h,a)
1.370 +#endif
1.371 +
1.372 + H[0] += a;
1.373 + H[1] += b;
1.374 + H[2] += c;
1.375 + H[3] += d;
1.376 + H[4] += e;
1.377 + H[5] += f;
1.378 + H[6] += g;
1.379 + H[7] += h;
1.380 + }
1.381 +#undef ROUND
1.382 +}
1.383 +
1.384 +#undef s0
1.385 +#undef s1
1.386 +#undef S0
1.387 +#undef S1
1.388 +
1.389 +void
1.390 +SHA256_Update(SHA256Context *ctx, const unsigned char *input,
1.391 + unsigned int inputLen)
1.392 +{
1.393 + unsigned int inBuf = ctx->sizeLo & 0x3f;
1.394 + if (!inputLen)
1.395 + return;
1.396 +
1.397 + /* Add inputLen into the count of bytes processed, before processing */
1.398 + if ((ctx->sizeLo += inputLen) < inputLen)
1.399 + ctx->sizeHi++;
1.400 +
1.401 + /* if data already in buffer, attemp to fill rest of buffer */
1.402 + if (inBuf) {
1.403 + unsigned int todo = SHA256_BLOCK_LENGTH - inBuf;
1.404 + if (inputLen < todo)
1.405 + todo = inputLen;
1.406 + memcpy(B + inBuf, input, todo);
1.407 + input += todo;
1.408 + inputLen -= todo;
1.409 + if (inBuf + todo == SHA256_BLOCK_LENGTH)
1.410 + SHA256_Compress(ctx);
1.411 + }
1.412 +
1.413 + /* if enough data to fill one or more whole buffers, process them. */
1.414 + while (inputLen >= SHA256_BLOCK_LENGTH) {
1.415 + memcpy(B, input, SHA256_BLOCK_LENGTH);
1.416 + input += SHA256_BLOCK_LENGTH;
1.417 + inputLen -= SHA256_BLOCK_LENGTH;
1.418 + SHA256_Compress(ctx);
1.419 + }
1.420 + /* if data left over, fill it into buffer */
1.421 + if (inputLen)
1.422 + memcpy(B, input, inputLen);
1.423 +}
1.424 +
1.425 +void
1.426 +SHA256_End(SHA256Context *ctx, unsigned char *digest,
1.427 + unsigned int *digestLen, unsigned int maxDigestLen)
1.428 +{
1.429 + unsigned int inBuf = ctx->sizeLo & 0x3f;
1.430 + unsigned int padLen = (inBuf < 56) ? (56 - inBuf) : (56 + 64 - inBuf);
1.431 + PRUint32 hi, lo;
1.432 +#ifdef SWAP4MASK
1.433 + PRUint32 t1;
1.434 +#endif
1.435 +
1.436 + hi = (ctx->sizeHi << 3) | (ctx->sizeLo >> 29);
1.437 + lo = (ctx->sizeLo << 3);
1.438 +
1.439 + SHA256_Update(ctx, pad, padLen);
1.440 +
1.441 +#if defined(IS_LITTLE_ENDIAN)
1.442 + W[14] = SHA_HTONL(hi);
1.443 + W[15] = SHA_HTONL(lo);
1.444 +#else
1.445 + W[14] = hi;
1.446 + W[15] = lo;
1.447 +#endif
1.448 + SHA256_Compress(ctx);
1.449 +
1.450 + /* now output the answer */
1.451 +#if defined(IS_LITTLE_ENDIAN)
1.452 + BYTESWAP4(H[0]);
1.453 + BYTESWAP4(H[1]);
1.454 + BYTESWAP4(H[2]);
1.455 + BYTESWAP4(H[3]);
1.456 + BYTESWAP4(H[4]);
1.457 + BYTESWAP4(H[5]);
1.458 + BYTESWAP4(H[6]);
1.459 + BYTESWAP4(H[7]);
1.460 +#endif
1.461 + padLen = PR_MIN(SHA256_LENGTH, maxDigestLen);
1.462 + memcpy(digest, H, padLen);
1.463 + if (digestLen)
1.464 + *digestLen = padLen;
1.465 +}
1.466 +
1.467 +void
1.468 +SHA256_EndRaw(SHA256Context *ctx, unsigned char *digest,
1.469 + unsigned int *digestLen, unsigned int maxDigestLen)
1.470 +{
1.471 + PRUint32 h[8];
1.472 + unsigned int len;
1.473 +#ifdef SWAP4MASK
1.474 + PRUint32 t1;
1.475 +#endif
1.476 +
1.477 + memcpy(h, ctx->h, sizeof(h));
1.478 +
1.479 +#if defined(IS_LITTLE_ENDIAN)
1.480 + BYTESWAP4(h[0]);
1.481 + BYTESWAP4(h[1]);
1.482 + BYTESWAP4(h[2]);
1.483 + BYTESWAP4(h[3]);
1.484 + BYTESWAP4(h[4]);
1.485 + BYTESWAP4(h[5]);
1.486 + BYTESWAP4(h[6]);
1.487 + BYTESWAP4(h[7]);
1.488 +#endif
1.489 +
1.490 + len = PR_MIN(SHA256_LENGTH, maxDigestLen);
1.491 + memcpy(digest, h, len);
1.492 + if (digestLen)
1.493 + *digestLen = len;
1.494 +}
1.495 +
1.496 +SECStatus
1.497 +SHA256_HashBuf(unsigned char *dest, const unsigned char *src,
1.498 + PRUint32 src_length)
1.499 +{
1.500 + SHA256Context ctx;
1.501 + unsigned int outLen;
1.502 +
1.503 + SHA256_Begin(&ctx);
1.504 + SHA256_Update(&ctx, src, src_length);
1.505 + SHA256_End(&ctx, dest, &outLen, SHA256_LENGTH);
1.506 + memset(&ctx, 0, sizeof ctx);
1.507 +
1.508 + return SECSuccess;
1.509 +}
1.510 +
1.511 +
1.512 +SECStatus
1.513 +SHA256_Hash(unsigned char *dest, const char *src)
1.514 +{
1.515 + return SHA256_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
1.516 +}
1.517 +
1.518 +
1.519 +void SHA256_TraceState(SHA256Context *ctx) { }
1.520 +
1.521 +unsigned int
1.522 +SHA256_FlattenSize(SHA256Context *ctx)
1.523 +{
1.524 + return sizeof *ctx;
1.525 +}
1.526 +
1.527 +SECStatus
1.528 +SHA256_Flatten(SHA256Context *ctx,unsigned char *space)
1.529 +{
1.530 + PORT_Memcpy(space, ctx, sizeof *ctx);
1.531 + return SECSuccess;
1.532 +}
1.533 +
1.534 +SHA256Context *
1.535 +SHA256_Resurrect(unsigned char *space, void *arg)
1.536 +{
1.537 + SHA256Context *ctx = SHA256_NewContext();
1.538 + if (ctx)
1.539 + PORT_Memcpy(ctx, space, sizeof *ctx);
1.540 + return ctx;
1.541 +}
1.542 +
1.543 +void SHA256_Clone(SHA256Context *dest, SHA256Context *src)
1.544 +{
1.545 + memcpy(dest, src, sizeof *dest);
1.546 +}
1.547 +
1.548 +/* ============= SHA224 implementation ================================== */
1.549 +
1.550 +/* SHA-224 initial hash values */
1.551 +static const PRUint32 H224[8] = {
1.552 + 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,
1.553 + 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4
1.554 +};
1.555 +
1.556 +SHA224Context *
1.557 +SHA224_NewContext(void)
1.558 +{
1.559 + return SHA256_NewContext();
1.560 +}
1.561 +
1.562 +void
1.563 +SHA224_DestroyContext(SHA224Context *ctx, PRBool freeit)
1.564 +{
1.565 + SHA256_DestroyContext(ctx, freeit);
1.566 +}
1.567 +
1.568 +void
1.569 +SHA224_Begin(SHA224Context *ctx)
1.570 +{
1.571 + memset(ctx, 0, sizeof *ctx);
1.572 + memcpy(H, H224, sizeof H224);
1.573 +}
1.574 +
1.575 +void
1.576 +SHA224_Update(SHA224Context *ctx, const unsigned char *input,
1.577 + unsigned int inputLen)
1.578 +{
1.579 + SHA256_Update(ctx, input, inputLen);
1.580 +}
1.581 +
1.582 +void
1.583 +SHA224_End(SHA256Context *ctx, unsigned char *digest,
1.584 + unsigned int *digestLen, unsigned int maxDigestLen)
1.585 +{
1.586 + unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);
1.587 + SHA256_End(ctx, digest, digestLen, maxLen);
1.588 +}
1.589 +
1.590 +void
1.591 +SHA224_EndRaw(SHA256Context *ctx, unsigned char *digest,
1.592 + unsigned int *digestLen, unsigned int maxDigestLen)
1.593 +{
1.594 + unsigned int maxLen = SHA_MIN(maxDigestLen, SHA224_LENGTH);
1.595 + SHA256_EndRaw(ctx, digest, digestLen, maxLen);
1.596 +}
1.597 +
1.598 +SECStatus
1.599 +SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
1.600 + PRUint32 src_length)
1.601 +{
1.602 + SHA256Context ctx;
1.603 + unsigned int outLen;
1.604 +
1.605 + SHA224_Begin(&ctx);
1.606 + SHA256_Update(&ctx, src, src_length);
1.607 + SHA256_End(&ctx, dest, &outLen, SHA224_LENGTH);
1.608 + memset(&ctx, 0, sizeof ctx);
1.609 +
1.610 + return SECSuccess;
1.611 +}
1.612 +
1.613 +SECStatus
1.614 +SHA224_Hash(unsigned char *dest, const char *src)
1.615 +{
1.616 + return SHA224_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
1.617 +}
1.618 +
1.619 +void SHA224_TraceState(SHA224Context *ctx) { }
1.620 +
1.621 +unsigned int
1.622 +SHA224_FlattenSize(SHA224Context *ctx)
1.623 +{
1.624 + return SHA256_FlattenSize(ctx);
1.625 +}
1.626 +
1.627 +SECStatus
1.628 +SHA224_Flatten(SHA224Context *ctx, unsigned char *space)
1.629 +{
1.630 + return SHA256_Flatten(ctx, space);
1.631 +}
1.632 +
1.633 +SHA224Context *
1.634 +SHA224_Resurrect(unsigned char *space, void *arg)
1.635 +{
1.636 + return SHA256_Resurrect(space, arg);
1.637 +}
1.638 +
1.639 +void SHA224_Clone(SHA224Context *dest, SHA224Context *src)
1.640 +{
1.641 + SHA256_Clone(dest, src);
1.642 +}
1.643 +
1.644 +
1.645 +/* ======= SHA512 and SHA384 common constants and defines ================= */
1.646 +
1.647 +/* common #defines for SHA512 and SHA384 */
1.648 +#if defined(HAVE_LONG_LONG)
1.649 +#if defined(_MSC_VER)
1.650 +#pragma intrinsic(_rotr64,_rotl64)
1.651 +#define ROTR64(x,n) _rotr64(x,n)
1.652 +#define ROTL64(x,n) _rotl64(x,n)
1.653 +#else
1.654 +#define ROTR64(x,n) ((x >> n) | (x << (64 - n)))
1.655 +#define ROTL64(x,n) ((x << n) | (x >> (64 - n)))
1.656 +#endif
1.657 +
1.658 +#define S0(x) (ROTR64(x,28) ^ ROTR64(x,34) ^ ROTR64(x,39))
1.659 +#define S1(x) (ROTR64(x,14) ^ ROTR64(x,18) ^ ROTR64(x,41))
1.660 +#define s0(x) (t1 = x, ROTR64(t1, 1) ^ ROTR64(t1, 8) ^ SHR(t1,7))
1.661 +#define s1(x) (t2 = x, ROTR64(t2,19) ^ ROTR64(t2,61) ^ SHR(t2,6))
1.662 +
1.663 +#if PR_BYTES_PER_LONG == 8
1.664 +#define ULLC(hi,lo) 0x ## hi ## lo ## UL
1.665 +#elif defined(_MSC_VER)
1.666 +#define ULLC(hi,lo) 0x ## hi ## lo ## ui64
1.667 +#else
1.668 +#define ULLC(hi,lo) 0x ## hi ## lo ## ULL
1.669 +#endif
1.670 +
1.671 +#if defined(_MSC_VER)
1.672 +#pragma intrinsic(_byteswap_uint64)
1.673 +#define SHA_HTONLL(x) _byteswap_uint64(x)
1.674 +
1.675 +#elif defined(__GNUC__) && (defined(__x86_64__) || defined(__x86_64))
1.676 +static __inline__ PRUint64 swap8b(PRUint64 value)
1.677 +{
1.678 + __asm__("bswapq %0" : "+r" (value));
1.679 + return (value);
1.680 +}
1.681 +#define SHA_HTONLL(x) swap8b(x)
1.682 +
1.683 +#else
1.684 +#define SHA_MASK16 ULLC(0000FFFF,0000FFFF)
1.685 +#define SHA_MASK8 ULLC(00FF00FF,00FF00FF)
1.686 +#define SHA_HTONLL(x) (t1 = x, \
1.687 + t1 = ((t1 & SHA_MASK8 ) << 8) | ((t1 >> 8) & SHA_MASK8 ), \
1.688 + t1 = ((t1 & SHA_MASK16) << 16) | ((t1 >> 16) & SHA_MASK16), \
1.689 + (t1 >> 32) | (t1 << 32))
1.690 +#endif
1.691 +#define BYTESWAP8(x) x = SHA_HTONLL(x)
1.692 +
1.693 +#else /* no long long */
1.694 +
1.695 +#if defined(IS_LITTLE_ENDIAN)
1.696 +#define ULLC(hi,lo) { 0x ## lo ## U, 0x ## hi ## U }
1.697 +#else
1.698 +#define ULLC(hi,lo) { 0x ## hi ## U, 0x ## lo ## U }
1.699 +#endif
1.700 +
1.701 +#define SHA_HTONLL(x) ( BYTESWAP4(x.lo), BYTESWAP4(x.hi), \
1.702 + x.hi ^= x.lo ^= x.hi ^= x.lo, x)
1.703 +#define BYTESWAP8(x) do { PRUint32 tmp; BYTESWAP4(x.lo); BYTESWAP4(x.hi); \
1.704 + tmp = x.lo; x.lo = x.hi; x.hi = tmp; } while (0)
1.705 +#endif
1.706 +
1.707 +/* SHA-384 and SHA-512 constants, K512. */
1.708 +static const PRUint64 K512[80] = {
1.709 +#if PR_BYTES_PER_LONG == 8
1.710 + 0x428a2f98d728ae22UL , 0x7137449123ef65cdUL ,
1.711 + 0xb5c0fbcfec4d3b2fUL , 0xe9b5dba58189dbbcUL ,
1.712 + 0x3956c25bf348b538UL , 0x59f111f1b605d019UL ,
1.713 + 0x923f82a4af194f9bUL , 0xab1c5ed5da6d8118UL ,
1.714 + 0xd807aa98a3030242UL , 0x12835b0145706fbeUL ,
1.715 + 0x243185be4ee4b28cUL , 0x550c7dc3d5ffb4e2UL ,
1.716 + 0x72be5d74f27b896fUL , 0x80deb1fe3b1696b1UL ,
1.717 + 0x9bdc06a725c71235UL , 0xc19bf174cf692694UL ,
1.718 + 0xe49b69c19ef14ad2UL , 0xefbe4786384f25e3UL ,
1.719 + 0x0fc19dc68b8cd5b5UL , 0x240ca1cc77ac9c65UL ,
1.720 + 0x2de92c6f592b0275UL , 0x4a7484aa6ea6e483UL ,
1.721 + 0x5cb0a9dcbd41fbd4UL , 0x76f988da831153b5UL ,
1.722 + 0x983e5152ee66dfabUL , 0xa831c66d2db43210UL ,
1.723 + 0xb00327c898fb213fUL , 0xbf597fc7beef0ee4UL ,
1.724 + 0xc6e00bf33da88fc2UL , 0xd5a79147930aa725UL ,
1.725 + 0x06ca6351e003826fUL , 0x142929670a0e6e70UL ,
1.726 + 0x27b70a8546d22ffcUL , 0x2e1b21385c26c926UL ,
1.727 + 0x4d2c6dfc5ac42aedUL , 0x53380d139d95b3dfUL ,
1.728 + 0x650a73548baf63deUL , 0x766a0abb3c77b2a8UL ,
1.729 + 0x81c2c92e47edaee6UL , 0x92722c851482353bUL ,
1.730 + 0xa2bfe8a14cf10364UL , 0xa81a664bbc423001UL ,
1.731 + 0xc24b8b70d0f89791UL , 0xc76c51a30654be30UL ,
1.732 + 0xd192e819d6ef5218UL , 0xd69906245565a910UL ,
1.733 + 0xf40e35855771202aUL , 0x106aa07032bbd1b8UL ,
1.734 + 0x19a4c116b8d2d0c8UL , 0x1e376c085141ab53UL ,
1.735 + 0x2748774cdf8eeb99UL , 0x34b0bcb5e19b48a8UL ,
1.736 + 0x391c0cb3c5c95a63UL , 0x4ed8aa4ae3418acbUL ,
1.737 + 0x5b9cca4f7763e373UL , 0x682e6ff3d6b2b8a3UL ,
1.738 + 0x748f82ee5defb2fcUL , 0x78a5636f43172f60UL ,
1.739 + 0x84c87814a1f0ab72UL , 0x8cc702081a6439ecUL ,
1.740 + 0x90befffa23631e28UL , 0xa4506cebde82bde9UL ,
1.741 + 0xbef9a3f7b2c67915UL , 0xc67178f2e372532bUL ,
1.742 + 0xca273eceea26619cUL , 0xd186b8c721c0c207UL ,
1.743 + 0xeada7dd6cde0eb1eUL , 0xf57d4f7fee6ed178UL ,
1.744 + 0x06f067aa72176fbaUL , 0x0a637dc5a2c898a6UL ,
1.745 + 0x113f9804bef90daeUL , 0x1b710b35131c471bUL ,
1.746 + 0x28db77f523047d84UL , 0x32caab7b40c72493UL ,
1.747 + 0x3c9ebe0a15c9bebcUL , 0x431d67c49c100d4cUL ,
1.748 + 0x4cc5d4becb3e42b6UL , 0x597f299cfc657e2aUL ,
1.749 + 0x5fcb6fab3ad6faecUL , 0x6c44198c4a475817UL
1.750 +#else
1.751 + ULLC(428a2f98,d728ae22), ULLC(71374491,23ef65cd),
1.752 + ULLC(b5c0fbcf,ec4d3b2f), ULLC(e9b5dba5,8189dbbc),
1.753 + ULLC(3956c25b,f348b538), ULLC(59f111f1,b605d019),
1.754 + ULLC(923f82a4,af194f9b), ULLC(ab1c5ed5,da6d8118),
1.755 + ULLC(d807aa98,a3030242), ULLC(12835b01,45706fbe),
1.756 + ULLC(243185be,4ee4b28c), ULLC(550c7dc3,d5ffb4e2),
1.757 + ULLC(72be5d74,f27b896f), ULLC(80deb1fe,3b1696b1),
1.758 + ULLC(9bdc06a7,25c71235), ULLC(c19bf174,cf692694),
1.759 + ULLC(e49b69c1,9ef14ad2), ULLC(efbe4786,384f25e3),
1.760 + ULLC(0fc19dc6,8b8cd5b5), ULLC(240ca1cc,77ac9c65),
1.761 + ULLC(2de92c6f,592b0275), ULLC(4a7484aa,6ea6e483),
1.762 + ULLC(5cb0a9dc,bd41fbd4), ULLC(76f988da,831153b5),
1.763 + ULLC(983e5152,ee66dfab), ULLC(a831c66d,2db43210),
1.764 + ULLC(b00327c8,98fb213f), ULLC(bf597fc7,beef0ee4),
1.765 + ULLC(c6e00bf3,3da88fc2), ULLC(d5a79147,930aa725),
1.766 + ULLC(06ca6351,e003826f), ULLC(14292967,0a0e6e70),
1.767 + ULLC(27b70a85,46d22ffc), ULLC(2e1b2138,5c26c926),
1.768 + ULLC(4d2c6dfc,5ac42aed), ULLC(53380d13,9d95b3df),
1.769 + ULLC(650a7354,8baf63de), ULLC(766a0abb,3c77b2a8),
1.770 + ULLC(81c2c92e,47edaee6), ULLC(92722c85,1482353b),
1.771 + ULLC(a2bfe8a1,4cf10364), ULLC(a81a664b,bc423001),
1.772 + ULLC(c24b8b70,d0f89791), ULLC(c76c51a3,0654be30),
1.773 + ULLC(d192e819,d6ef5218), ULLC(d6990624,5565a910),
1.774 + ULLC(f40e3585,5771202a), ULLC(106aa070,32bbd1b8),
1.775 + ULLC(19a4c116,b8d2d0c8), ULLC(1e376c08,5141ab53),
1.776 + ULLC(2748774c,df8eeb99), ULLC(34b0bcb5,e19b48a8),
1.777 + ULLC(391c0cb3,c5c95a63), ULLC(4ed8aa4a,e3418acb),
1.778 + ULLC(5b9cca4f,7763e373), ULLC(682e6ff3,d6b2b8a3),
1.779 + ULLC(748f82ee,5defb2fc), ULLC(78a5636f,43172f60),
1.780 + ULLC(84c87814,a1f0ab72), ULLC(8cc70208,1a6439ec),
1.781 + ULLC(90befffa,23631e28), ULLC(a4506ceb,de82bde9),
1.782 + ULLC(bef9a3f7,b2c67915), ULLC(c67178f2,e372532b),
1.783 + ULLC(ca273ece,ea26619c), ULLC(d186b8c7,21c0c207),
1.784 + ULLC(eada7dd6,cde0eb1e), ULLC(f57d4f7f,ee6ed178),
1.785 + ULLC(06f067aa,72176fba), ULLC(0a637dc5,a2c898a6),
1.786 + ULLC(113f9804,bef90dae), ULLC(1b710b35,131c471b),
1.787 + ULLC(28db77f5,23047d84), ULLC(32caab7b,40c72493),
1.788 + ULLC(3c9ebe0a,15c9bebc), ULLC(431d67c4,9c100d4c),
1.789 + ULLC(4cc5d4be,cb3e42b6), ULLC(597f299c,fc657e2a),
1.790 + ULLC(5fcb6fab,3ad6faec), ULLC(6c44198c,4a475817)
1.791 +#endif
1.792 +};
1.793 +
1.794 +struct SHA512ContextStr {
1.795 + union {
1.796 + PRUint64 w[80]; /* message schedule, input buffer, plus 64 words */
1.797 + PRUint32 l[160];
1.798 + PRUint8 b[640];
1.799 + } u;
1.800 + PRUint64 h[8]; /* 8 state variables */
1.801 + PRUint64 sizeLo; /* 64-bit count of hashed bytes. */
1.802 +};
1.803 +
1.804 +/* =========== SHA512 implementation ===================================== */
1.805 +
1.806 +/* SHA-512 initial hash values */
1.807 +static const PRUint64 H512[8] = {
1.808 +#if PR_BYTES_PER_LONG == 8
1.809 + 0x6a09e667f3bcc908UL , 0xbb67ae8584caa73bUL ,
1.810 + 0x3c6ef372fe94f82bUL , 0xa54ff53a5f1d36f1UL ,
1.811 + 0x510e527fade682d1UL , 0x9b05688c2b3e6c1fUL ,
1.812 + 0x1f83d9abfb41bd6bUL , 0x5be0cd19137e2179UL
1.813 +#else
1.814 + ULLC(6a09e667,f3bcc908), ULLC(bb67ae85,84caa73b),
1.815 + ULLC(3c6ef372,fe94f82b), ULLC(a54ff53a,5f1d36f1),
1.816 + ULLC(510e527f,ade682d1), ULLC(9b05688c,2b3e6c1f),
1.817 + ULLC(1f83d9ab,fb41bd6b), ULLC(5be0cd19,137e2179)
1.818 +#endif
1.819 +};
1.820 +
1.821 +
1.822 +SHA512Context *
1.823 +SHA512_NewContext(void)
1.824 +{
1.825 + SHA512Context *ctx = PORT_New(SHA512Context);
1.826 + return ctx;
1.827 +}
1.828 +
1.829 +void
1.830 +SHA512_DestroyContext(SHA512Context *ctx, PRBool freeit)
1.831 +{
1.832 + memset(ctx, 0, sizeof *ctx);
1.833 + if (freeit) {
1.834 + PORT_Free(ctx);
1.835 + }
1.836 +}
1.837 +
1.838 +void
1.839 +SHA512_Begin(SHA512Context *ctx)
1.840 +{
1.841 + memset(ctx, 0, sizeof *ctx);
1.842 + memcpy(H, H512, sizeof H512);
1.843 +}
1.844 +
1.845 +#if defined(SHA512_TRACE)
1.846 +#if defined(HAVE_LONG_LONG)
1.847 +#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %016lx, %s = %016lx\n", \
1.848 + n, #e, d, #a, h);
1.849 +#else
1.850 +#define DUMP(n,a,d,e,h) printf(" t = %2d, %s = %08x%08x, %s = %08x%08x\n", \
1.851 + n, #e, d.hi, d.lo, #a, h.hi, h.lo);
1.852 +#endif
1.853 +#else
1.854 +#define DUMP(n,a,d,e,h)
1.855 +#endif
1.856 +
1.857 +#if defined(HAVE_LONG_LONG)
1.858 +
1.859 +#define ADDTO(x,y) y += x
1.860 +
1.861 +#define INITW(t) W[t] = (s1(W[t-2]) + W[t-7] + s0(W[t-15]) + W[t-16])
1.862 +
1.863 +#define ROUND(n,a,b,c,d,e,f,g,h) \
1.864 + h += S1(e) + Ch(e,f,g) + K512[n] + W[n]; \
1.865 + d += h; \
1.866 + h += S0(a) + Maj(a,b,c); \
1.867 + DUMP(n,a,d,e,h)
1.868 +
1.869 +#else /* use only 32-bit variables, and don't unroll loops */
1.870 +
1.871 +#undef NOUNROLL512
1.872 +#define NOUNROLL512 1
1.873 +
1.874 +#define ADDTO(x,y) y.lo += x.lo; y.hi += x.hi + (x.lo > y.lo)
1.875 +
1.876 +#define ROTR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
1.877 +#define ROTR64A(x,n,lo,hi) (x.lo << (64-n) | x.hi >> (n-32))
1.878 +#define SHR64a(x,n,lo,hi) (x.lo >> n | x.hi << (32-n))
1.879 +
1.880 +/* Capitol Sigma and lower case sigma functions */
1.881 +#define s0lo(x) (ROTR64a(x,1,lo,hi) ^ ROTR64a(x,8,lo,hi) ^ SHR64a(x,7,lo,hi))
1.882 +#define s0hi(x) (ROTR64a(x,1,hi,lo) ^ ROTR64a(x,8,hi,lo) ^ (x.hi >> 7))
1.883 +
1.884 +#define s1lo(x) (ROTR64a(x,19,lo,hi) ^ ROTR64A(x,61,lo,hi) ^ SHR64a(x,6,lo,hi))
1.885 +#define s1hi(x) (ROTR64a(x,19,hi,lo) ^ ROTR64A(x,61,hi,lo) ^ (x.hi >> 6))
1.886 +
1.887 +#define S0lo(x)(ROTR64a(x,28,lo,hi) ^ ROTR64A(x,34,lo,hi) ^ ROTR64A(x,39,lo,hi))
1.888 +#define S0hi(x)(ROTR64a(x,28,hi,lo) ^ ROTR64A(x,34,hi,lo) ^ ROTR64A(x,39,hi,lo))
1.889 +
1.890 +#define S1lo(x)(ROTR64a(x,14,lo,hi) ^ ROTR64a(x,18,lo,hi) ^ ROTR64A(x,41,lo,hi))
1.891 +#define S1hi(x)(ROTR64a(x,14,hi,lo) ^ ROTR64a(x,18,hi,lo) ^ ROTR64A(x,41,hi,lo))
1.892 +
1.893 +/* 32-bit versions of Ch and Maj */
1.894 +#define Chxx(x,y,z,lo) ((x.lo & y.lo) ^ (~x.lo & z.lo))
1.895 +#define Majx(x,y,z,lo) ((x.lo & y.lo) ^ (x.lo & z.lo) ^ (y.lo & z.lo))
1.896 +
1.897 +#define INITW(t) \
1.898 + do { \
1.899 + PRUint32 lo, tm; \
1.900 + PRUint32 cy = 0; \
1.901 + lo = s1lo(W[t-2]); \
1.902 + lo += (tm = W[t-7].lo); if (lo < tm) cy++; \
1.903 + lo += (tm = s0lo(W[t-15])); if (lo < tm) cy++; \
1.904 + lo += (tm = W[t-16].lo); if (lo < tm) cy++; \
1.905 + W[t].lo = lo; \
1.906 + W[t].hi = cy + s1hi(W[t-2]) + W[t-7].hi + s0hi(W[t-15]) + W[t-16].hi; \
1.907 + } while (0)
1.908 +
1.909 +#define ROUND(n,a,b,c,d,e,f,g,h) \
1.910 + { \
1.911 + PRUint32 lo, tm, cy; \
1.912 + lo = S1lo(e); \
1.913 + lo += (tm = Chxx(e,f,g,lo)); cy = (lo < tm); \
1.914 + lo += (tm = K512[n].lo); if (lo < tm) cy++; \
1.915 + lo += (tm = W[n].lo); if (lo < tm) cy++; \
1.916 + h.lo += lo; if (h.lo < lo) cy++; \
1.917 + h.hi += cy + S1hi(e) + Chxx(e,f,g,hi) + K512[n].hi + W[n].hi; \
1.918 + d.lo += h.lo; \
1.919 + d.hi += h.hi + (d.lo < h.lo); \
1.920 + lo = S0lo(a); \
1.921 + lo += (tm = Majx(a,b,c,lo)); cy = (lo < tm); \
1.922 + h.lo += lo; if (h.lo < lo) cy++; \
1.923 + h.hi += cy + S0hi(a) + Majx(a,b,c,hi); \
1.924 + DUMP(n,a,d,e,h) \
1.925 + }
1.926 +#endif
1.927 +
1.928 +static void
1.929 +SHA512_Compress(SHA512Context *ctx)
1.930 +{
1.931 +#if defined(IS_LITTLE_ENDIAN)
1.932 + {
1.933 +#if defined(HAVE_LONG_LONG)
1.934 + PRUint64 t1;
1.935 +#else
1.936 + PRUint32 t1;
1.937 +#endif
1.938 + BYTESWAP8(W[0]);
1.939 + BYTESWAP8(W[1]);
1.940 + BYTESWAP8(W[2]);
1.941 + BYTESWAP8(W[3]);
1.942 + BYTESWAP8(W[4]);
1.943 + BYTESWAP8(W[5]);
1.944 + BYTESWAP8(W[6]);
1.945 + BYTESWAP8(W[7]);
1.946 + BYTESWAP8(W[8]);
1.947 + BYTESWAP8(W[9]);
1.948 + BYTESWAP8(W[10]);
1.949 + BYTESWAP8(W[11]);
1.950 + BYTESWAP8(W[12]);
1.951 + BYTESWAP8(W[13]);
1.952 + BYTESWAP8(W[14]);
1.953 + BYTESWAP8(W[15]);
1.954 + }
1.955 +#endif
1.956 +
1.957 + {
1.958 + PRUint64 t1, t2;
1.959 +#ifdef NOUNROLL512
1.960 + {
1.961 + /* prepare the "message schedule" */
1.962 + int t;
1.963 + for (t = 16; t < 80; ++t) {
1.964 + INITW(t);
1.965 + }
1.966 + }
1.967 +#else
1.968 + INITW(16);
1.969 + INITW(17);
1.970 + INITW(18);
1.971 + INITW(19);
1.972 +
1.973 + INITW(20);
1.974 + INITW(21);
1.975 + INITW(22);
1.976 + INITW(23);
1.977 + INITW(24);
1.978 + INITW(25);
1.979 + INITW(26);
1.980 + INITW(27);
1.981 + INITW(28);
1.982 + INITW(29);
1.983 +
1.984 + INITW(30);
1.985 + INITW(31);
1.986 + INITW(32);
1.987 + INITW(33);
1.988 + INITW(34);
1.989 + INITW(35);
1.990 + INITW(36);
1.991 + INITW(37);
1.992 + INITW(38);
1.993 + INITW(39);
1.994 +
1.995 + INITW(40);
1.996 + INITW(41);
1.997 + INITW(42);
1.998 + INITW(43);
1.999 + INITW(44);
1.1000 + INITW(45);
1.1001 + INITW(46);
1.1002 + INITW(47);
1.1003 + INITW(48);
1.1004 + INITW(49);
1.1005 +
1.1006 + INITW(50);
1.1007 + INITW(51);
1.1008 + INITW(52);
1.1009 + INITW(53);
1.1010 + INITW(54);
1.1011 + INITW(55);
1.1012 + INITW(56);
1.1013 + INITW(57);
1.1014 + INITW(58);
1.1015 + INITW(59);
1.1016 +
1.1017 + INITW(60);
1.1018 + INITW(61);
1.1019 + INITW(62);
1.1020 + INITW(63);
1.1021 + INITW(64);
1.1022 + INITW(65);
1.1023 + INITW(66);
1.1024 + INITW(67);
1.1025 + INITW(68);
1.1026 + INITW(69);
1.1027 +
1.1028 + INITW(70);
1.1029 + INITW(71);
1.1030 + INITW(72);
1.1031 + INITW(73);
1.1032 + INITW(74);
1.1033 + INITW(75);
1.1034 + INITW(76);
1.1035 + INITW(77);
1.1036 + INITW(78);
1.1037 + INITW(79);
1.1038 +#endif
1.1039 + }
1.1040 +#ifdef SHA512_TRACE
1.1041 + {
1.1042 + int i;
1.1043 + for (i = 0; i < 80; ++i) {
1.1044 +#ifdef HAVE_LONG_LONG
1.1045 + printf("W[%2d] = %016lx\n", i, W[i]);
1.1046 +#else
1.1047 + printf("W[%2d] = %08x%08x\n", i, W[i].hi, W[i].lo);
1.1048 +#endif
1.1049 + }
1.1050 + }
1.1051 +#endif
1.1052 + {
1.1053 + PRUint64 a, b, c, d, e, f, g, h;
1.1054 +
1.1055 + a = H[0];
1.1056 + b = H[1];
1.1057 + c = H[2];
1.1058 + d = H[3];
1.1059 + e = H[4];
1.1060 + f = H[5];
1.1061 + g = H[6];
1.1062 + h = H[7];
1.1063 +
1.1064 +#ifdef NOUNROLL512
1.1065 + {
1.1066 + int t;
1.1067 + for (t = 0; t < 80; t+= 8) {
1.1068 + ROUND(t+0,a,b,c,d,e,f,g,h)
1.1069 + ROUND(t+1,h,a,b,c,d,e,f,g)
1.1070 + ROUND(t+2,g,h,a,b,c,d,e,f)
1.1071 + ROUND(t+3,f,g,h,a,b,c,d,e)
1.1072 + ROUND(t+4,e,f,g,h,a,b,c,d)
1.1073 + ROUND(t+5,d,e,f,g,h,a,b,c)
1.1074 + ROUND(t+6,c,d,e,f,g,h,a,b)
1.1075 + ROUND(t+7,b,c,d,e,f,g,h,a)
1.1076 + }
1.1077 + }
1.1078 +#else
1.1079 + ROUND( 0,a,b,c,d,e,f,g,h)
1.1080 + ROUND( 1,h,a,b,c,d,e,f,g)
1.1081 + ROUND( 2,g,h,a,b,c,d,e,f)
1.1082 + ROUND( 3,f,g,h,a,b,c,d,e)
1.1083 + ROUND( 4,e,f,g,h,a,b,c,d)
1.1084 + ROUND( 5,d,e,f,g,h,a,b,c)
1.1085 + ROUND( 6,c,d,e,f,g,h,a,b)
1.1086 + ROUND( 7,b,c,d,e,f,g,h,a)
1.1087 +
1.1088 + ROUND( 8,a,b,c,d,e,f,g,h)
1.1089 + ROUND( 9,h,a,b,c,d,e,f,g)
1.1090 + ROUND(10,g,h,a,b,c,d,e,f)
1.1091 + ROUND(11,f,g,h,a,b,c,d,e)
1.1092 + ROUND(12,e,f,g,h,a,b,c,d)
1.1093 + ROUND(13,d,e,f,g,h,a,b,c)
1.1094 + ROUND(14,c,d,e,f,g,h,a,b)
1.1095 + ROUND(15,b,c,d,e,f,g,h,a)
1.1096 +
1.1097 + ROUND(16,a,b,c,d,e,f,g,h)
1.1098 + ROUND(17,h,a,b,c,d,e,f,g)
1.1099 + ROUND(18,g,h,a,b,c,d,e,f)
1.1100 + ROUND(19,f,g,h,a,b,c,d,e)
1.1101 + ROUND(20,e,f,g,h,a,b,c,d)
1.1102 + ROUND(21,d,e,f,g,h,a,b,c)
1.1103 + ROUND(22,c,d,e,f,g,h,a,b)
1.1104 + ROUND(23,b,c,d,e,f,g,h,a)
1.1105 +
1.1106 + ROUND(24,a,b,c,d,e,f,g,h)
1.1107 + ROUND(25,h,a,b,c,d,e,f,g)
1.1108 + ROUND(26,g,h,a,b,c,d,e,f)
1.1109 + ROUND(27,f,g,h,a,b,c,d,e)
1.1110 + ROUND(28,e,f,g,h,a,b,c,d)
1.1111 + ROUND(29,d,e,f,g,h,a,b,c)
1.1112 + ROUND(30,c,d,e,f,g,h,a,b)
1.1113 + ROUND(31,b,c,d,e,f,g,h,a)
1.1114 +
1.1115 + ROUND(32,a,b,c,d,e,f,g,h)
1.1116 + ROUND(33,h,a,b,c,d,e,f,g)
1.1117 + ROUND(34,g,h,a,b,c,d,e,f)
1.1118 + ROUND(35,f,g,h,a,b,c,d,e)
1.1119 + ROUND(36,e,f,g,h,a,b,c,d)
1.1120 + ROUND(37,d,e,f,g,h,a,b,c)
1.1121 + ROUND(38,c,d,e,f,g,h,a,b)
1.1122 + ROUND(39,b,c,d,e,f,g,h,a)
1.1123 +
1.1124 + ROUND(40,a,b,c,d,e,f,g,h)
1.1125 + ROUND(41,h,a,b,c,d,e,f,g)
1.1126 + ROUND(42,g,h,a,b,c,d,e,f)
1.1127 + ROUND(43,f,g,h,a,b,c,d,e)
1.1128 + ROUND(44,e,f,g,h,a,b,c,d)
1.1129 + ROUND(45,d,e,f,g,h,a,b,c)
1.1130 + ROUND(46,c,d,e,f,g,h,a,b)
1.1131 + ROUND(47,b,c,d,e,f,g,h,a)
1.1132 +
1.1133 + ROUND(48,a,b,c,d,e,f,g,h)
1.1134 + ROUND(49,h,a,b,c,d,e,f,g)
1.1135 + ROUND(50,g,h,a,b,c,d,e,f)
1.1136 + ROUND(51,f,g,h,a,b,c,d,e)
1.1137 + ROUND(52,e,f,g,h,a,b,c,d)
1.1138 + ROUND(53,d,e,f,g,h,a,b,c)
1.1139 + ROUND(54,c,d,e,f,g,h,a,b)
1.1140 + ROUND(55,b,c,d,e,f,g,h,a)
1.1141 +
1.1142 + ROUND(56,a,b,c,d,e,f,g,h)
1.1143 + ROUND(57,h,a,b,c,d,e,f,g)
1.1144 + ROUND(58,g,h,a,b,c,d,e,f)
1.1145 + ROUND(59,f,g,h,a,b,c,d,e)
1.1146 + ROUND(60,e,f,g,h,a,b,c,d)
1.1147 + ROUND(61,d,e,f,g,h,a,b,c)
1.1148 + ROUND(62,c,d,e,f,g,h,a,b)
1.1149 + ROUND(63,b,c,d,e,f,g,h,a)
1.1150 +
1.1151 + ROUND(64,a,b,c,d,e,f,g,h)
1.1152 + ROUND(65,h,a,b,c,d,e,f,g)
1.1153 + ROUND(66,g,h,a,b,c,d,e,f)
1.1154 + ROUND(67,f,g,h,a,b,c,d,e)
1.1155 + ROUND(68,e,f,g,h,a,b,c,d)
1.1156 + ROUND(69,d,e,f,g,h,a,b,c)
1.1157 + ROUND(70,c,d,e,f,g,h,a,b)
1.1158 + ROUND(71,b,c,d,e,f,g,h,a)
1.1159 +
1.1160 + ROUND(72,a,b,c,d,e,f,g,h)
1.1161 + ROUND(73,h,a,b,c,d,e,f,g)
1.1162 + ROUND(74,g,h,a,b,c,d,e,f)
1.1163 + ROUND(75,f,g,h,a,b,c,d,e)
1.1164 + ROUND(76,e,f,g,h,a,b,c,d)
1.1165 + ROUND(77,d,e,f,g,h,a,b,c)
1.1166 + ROUND(78,c,d,e,f,g,h,a,b)
1.1167 + ROUND(79,b,c,d,e,f,g,h,a)
1.1168 +#endif
1.1169 +
1.1170 + ADDTO(a,H[0]);
1.1171 + ADDTO(b,H[1]);
1.1172 + ADDTO(c,H[2]);
1.1173 + ADDTO(d,H[3]);
1.1174 + ADDTO(e,H[4]);
1.1175 + ADDTO(f,H[5]);
1.1176 + ADDTO(g,H[6]);
1.1177 + ADDTO(h,H[7]);
1.1178 + }
1.1179 +}
1.1180 +
1.1181 +void
1.1182 +SHA512_Update(SHA512Context *ctx, const unsigned char *input,
1.1183 + unsigned int inputLen)
1.1184 +{
1.1185 + unsigned int inBuf;
1.1186 + if (!inputLen)
1.1187 + return;
1.1188 +
1.1189 +#if defined(HAVE_LONG_LONG)
1.1190 + inBuf = (unsigned int)ctx->sizeLo & 0x7f;
1.1191 + /* Add inputLen into the count of bytes processed, before processing */
1.1192 + ctx->sizeLo += inputLen;
1.1193 +#else
1.1194 + inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
1.1195 + ctx->sizeLo.lo += inputLen;
1.1196 + if (ctx->sizeLo.lo < inputLen) ctx->sizeLo.hi++;
1.1197 +#endif
1.1198 +
1.1199 + /* if data already in buffer, attemp to fill rest of buffer */
1.1200 + if (inBuf) {
1.1201 + unsigned int todo = SHA512_BLOCK_LENGTH - inBuf;
1.1202 + if (inputLen < todo)
1.1203 + todo = inputLen;
1.1204 + memcpy(B + inBuf, input, todo);
1.1205 + input += todo;
1.1206 + inputLen -= todo;
1.1207 + if (inBuf + todo == SHA512_BLOCK_LENGTH)
1.1208 + SHA512_Compress(ctx);
1.1209 + }
1.1210 +
1.1211 + /* if enough data to fill one or more whole buffers, process them. */
1.1212 + while (inputLen >= SHA512_BLOCK_LENGTH) {
1.1213 + memcpy(B, input, SHA512_BLOCK_LENGTH);
1.1214 + input += SHA512_BLOCK_LENGTH;
1.1215 + inputLen -= SHA512_BLOCK_LENGTH;
1.1216 + SHA512_Compress(ctx);
1.1217 + }
1.1218 + /* if data left over, fill it into buffer */
1.1219 + if (inputLen)
1.1220 + memcpy(B, input, inputLen);
1.1221 +}
1.1222 +
1.1223 +void
1.1224 +SHA512_End(SHA512Context *ctx, unsigned char *digest,
1.1225 + unsigned int *digestLen, unsigned int maxDigestLen)
1.1226 +{
1.1227 +#if defined(HAVE_LONG_LONG)
1.1228 + unsigned int inBuf = (unsigned int)ctx->sizeLo & 0x7f;
1.1229 + PRUint64 t1;
1.1230 +#else
1.1231 + unsigned int inBuf = (unsigned int)ctx->sizeLo.lo & 0x7f;
1.1232 + PRUint32 t1;
1.1233 +#endif
1.1234 + unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
1.1235 + PRUint64 lo;
1.1236 + LL_SHL(lo, ctx->sizeLo, 3);
1.1237 +
1.1238 + SHA512_Update(ctx, pad, padLen);
1.1239 +
1.1240 +#if defined(HAVE_LONG_LONG)
1.1241 + W[14] = 0;
1.1242 +#else
1.1243 + W[14].lo = 0;
1.1244 + W[14].hi = 0;
1.1245 +#endif
1.1246 +
1.1247 + W[15] = lo;
1.1248 +#if defined(IS_LITTLE_ENDIAN)
1.1249 + BYTESWAP8(W[15]);
1.1250 +#endif
1.1251 + SHA512_Compress(ctx);
1.1252 +
1.1253 + /* now output the answer */
1.1254 +#if defined(IS_LITTLE_ENDIAN)
1.1255 + BYTESWAP8(H[0]);
1.1256 + BYTESWAP8(H[1]);
1.1257 + BYTESWAP8(H[2]);
1.1258 + BYTESWAP8(H[3]);
1.1259 + BYTESWAP8(H[4]);
1.1260 + BYTESWAP8(H[5]);
1.1261 + BYTESWAP8(H[6]);
1.1262 + BYTESWAP8(H[7]);
1.1263 +#endif
1.1264 + padLen = PR_MIN(SHA512_LENGTH, maxDigestLen);
1.1265 + memcpy(digest, H, padLen);
1.1266 + if (digestLen)
1.1267 + *digestLen = padLen;
1.1268 +}
1.1269 +
1.1270 +void
1.1271 +SHA512_EndRaw(SHA512Context *ctx, unsigned char *digest,
1.1272 + unsigned int *digestLen, unsigned int maxDigestLen)
1.1273 +{
1.1274 +#if defined(HAVE_LONG_LONG)
1.1275 + PRUint64 t1;
1.1276 +#else
1.1277 + PRUint32 t1;
1.1278 +#endif
1.1279 + PRUint64 h[8];
1.1280 + unsigned int len;
1.1281 +
1.1282 + memcpy(h, ctx->h, sizeof(h));
1.1283 +
1.1284 +#if defined(IS_LITTLE_ENDIAN)
1.1285 + BYTESWAP8(h[0]);
1.1286 + BYTESWAP8(h[1]);
1.1287 + BYTESWAP8(h[2]);
1.1288 + BYTESWAP8(h[3]);
1.1289 + BYTESWAP8(h[4]);
1.1290 + BYTESWAP8(h[5]);
1.1291 + BYTESWAP8(h[6]);
1.1292 + BYTESWAP8(h[7]);
1.1293 +#endif
1.1294 + len = PR_MIN(SHA512_LENGTH, maxDigestLen);
1.1295 + memcpy(digest, h, len);
1.1296 + if (digestLen)
1.1297 + *digestLen = len;
1.1298 +}
1.1299 +
1.1300 +SECStatus
1.1301 +SHA512_HashBuf(unsigned char *dest, const unsigned char *src,
1.1302 + PRUint32 src_length)
1.1303 +{
1.1304 + SHA512Context ctx;
1.1305 + unsigned int outLen;
1.1306 +
1.1307 + SHA512_Begin(&ctx);
1.1308 + SHA512_Update(&ctx, src, src_length);
1.1309 + SHA512_End(&ctx, dest, &outLen, SHA512_LENGTH);
1.1310 + memset(&ctx, 0, sizeof ctx);
1.1311 +
1.1312 + return SECSuccess;
1.1313 +}
1.1314 +
1.1315 +
1.1316 +SECStatus
1.1317 +SHA512_Hash(unsigned char *dest, const char *src)
1.1318 +{
1.1319 + return SHA512_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
1.1320 +}
1.1321 +
1.1322 +
1.1323 +void SHA512_TraceState(SHA512Context *ctx) { }
1.1324 +
1.1325 +unsigned int
1.1326 +SHA512_FlattenSize(SHA512Context *ctx)
1.1327 +{
1.1328 + return sizeof *ctx;
1.1329 +}
1.1330 +
1.1331 +SECStatus
1.1332 +SHA512_Flatten(SHA512Context *ctx,unsigned char *space)
1.1333 +{
1.1334 + PORT_Memcpy(space, ctx, sizeof *ctx);
1.1335 + return SECSuccess;
1.1336 +}
1.1337 +
1.1338 +SHA512Context *
1.1339 +SHA512_Resurrect(unsigned char *space, void *arg)
1.1340 +{
1.1341 + SHA512Context *ctx = SHA512_NewContext();
1.1342 + if (ctx)
1.1343 + PORT_Memcpy(ctx, space, sizeof *ctx);
1.1344 + return ctx;
1.1345 +}
1.1346 +
1.1347 +void SHA512_Clone(SHA512Context *dest, SHA512Context *src)
1.1348 +{
1.1349 + memcpy(dest, src, sizeof *dest);
1.1350 +}
1.1351 +
1.1352 +/* ======================================================================= */
1.1353 +/* SHA384 uses a SHA512Context as the real context.
1.1354 +** The only differences between SHA384 an SHA512 are:
1.1355 +** a) the intialization values for the context, and
1.1356 +** b) the number of bytes of data produced as output.
1.1357 +*/
1.1358 +
1.1359 +/* SHA-384 initial hash values */
1.1360 +static const PRUint64 H384[8] = {
1.1361 +#if PR_BYTES_PER_LONG == 8
1.1362 + 0xcbbb9d5dc1059ed8UL , 0x629a292a367cd507UL ,
1.1363 + 0x9159015a3070dd17UL , 0x152fecd8f70e5939UL ,
1.1364 + 0x67332667ffc00b31UL , 0x8eb44a8768581511UL ,
1.1365 + 0xdb0c2e0d64f98fa7UL , 0x47b5481dbefa4fa4UL
1.1366 +#else
1.1367 + ULLC(cbbb9d5d,c1059ed8), ULLC(629a292a,367cd507),
1.1368 + ULLC(9159015a,3070dd17), ULLC(152fecd8,f70e5939),
1.1369 + ULLC(67332667,ffc00b31), ULLC(8eb44a87,68581511),
1.1370 + ULLC(db0c2e0d,64f98fa7), ULLC(47b5481d,befa4fa4)
1.1371 +#endif
1.1372 +};
1.1373 +
1.1374 +SHA384Context *
1.1375 +SHA384_NewContext(void)
1.1376 +{
1.1377 + return SHA512_NewContext();
1.1378 +}
1.1379 +
1.1380 +void
1.1381 +SHA384_DestroyContext(SHA384Context *ctx, PRBool freeit)
1.1382 +{
1.1383 + SHA512_DestroyContext(ctx, freeit);
1.1384 +}
1.1385 +
1.1386 +void
1.1387 +SHA384_Begin(SHA384Context *ctx)
1.1388 +{
1.1389 + memset(ctx, 0, sizeof *ctx);
1.1390 + memcpy(H, H384, sizeof H384);
1.1391 +}
1.1392 +
1.1393 +void
1.1394 +SHA384_Update(SHA384Context *ctx, const unsigned char *input,
1.1395 + unsigned int inputLen)
1.1396 +{
1.1397 + SHA512_Update(ctx, input, inputLen);
1.1398 +}
1.1399 +
1.1400 +void
1.1401 +SHA384_End(SHA384Context *ctx, unsigned char *digest,
1.1402 + unsigned int *digestLen, unsigned int maxDigestLen)
1.1403 +{
1.1404 + unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
1.1405 + SHA512_End(ctx, digest, digestLen, maxLen);
1.1406 +}
1.1407 +
1.1408 +void
1.1409 +SHA384_EndRaw(SHA384Context *ctx, unsigned char *digest,
1.1410 + unsigned int *digestLen, unsigned int maxDigestLen)
1.1411 +{
1.1412 + unsigned int maxLen = SHA_MIN(maxDigestLen, SHA384_LENGTH);
1.1413 + SHA512_EndRaw(ctx, digest, digestLen, maxLen);
1.1414 +}
1.1415 +
1.1416 +SECStatus
1.1417 +SHA384_HashBuf(unsigned char *dest, const unsigned char *src,
1.1418 + PRUint32 src_length)
1.1419 +{
1.1420 + SHA512Context ctx;
1.1421 + unsigned int outLen;
1.1422 +
1.1423 + SHA384_Begin(&ctx);
1.1424 + SHA512_Update(&ctx, src, src_length);
1.1425 + SHA512_End(&ctx, dest, &outLen, SHA384_LENGTH);
1.1426 + memset(&ctx, 0, sizeof ctx);
1.1427 +
1.1428 + return SECSuccess;
1.1429 +}
1.1430 +
1.1431 +SECStatus
1.1432 +SHA384_Hash(unsigned char *dest, const char *src)
1.1433 +{
1.1434 + return SHA384_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
1.1435 +}
1.1436 +
1.1437 +void SHA384_TraceState(SHA384Context *ctx) { }
1.1438 +
1.1439 +unsigned int
1.1440 +SHA384_FlattenSize(SHA384Context *ctx)
1.1441 +{
1.1442 + return sizeof(SHA384Context);
1.1443 +}
1.1444 +
1.1445 +SECStatus
1.1446 +SHA384_Flatten(SHA384Context *ctx,unsigned char *space)
1.1447 +{
1.1448 + return SHA512_Flatten(ctx, space);
1.1449 +}
1.1450 +
1.1451 +SHA384Context *
1.1452 +SHA384_Resurrect(unsigned char *space, void *arg)
1.1453 +{
1.1454 + return SHA512_Resurrect(space, arg);
1.1455 +}
1.1456 +
1.1457 +void SHA384_Clone(SHA384Context *dest, SHA384Context *src)
1.1458 +{
1.1459 + memcpy(dest, src, sizeof *dest);
1.1460 +}
1.1461 +
1.1462 +/* ======================================================================= */
1.1463 +#ifdef SELFTEST
1.1464 +#include <stdio.h>
1.1465 +
1.1466 +static const char abc[] = { "abc" };
1.1467 +static const char abcdbc[] = {
1.1468 + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
1.1469 +};
1.1470 +static const char abcdef[] = {
1.1471 + "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
1.1472 + "hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"
1.1473 +};
1.1474 +
1.1475 +void
1.1476 +dumpHash32(const unsigned char *buf, unsigned int bufLen)
1.1477 +{
1.1478 + unsigned int i;
1.1479 + for (i = 0; i < bufLen; i += 4) {
1.1480 + printf(" %02x%02x%02x%02x", buf[i], buf[i+1], buf[i+2], buf[i+3]);
1.1481 + }
1.1482 + printf("\n");
1.1483 +}
1.1484 +
1.1485 +void test256(void)
1.1486 +{
1.1487 + unsigned char outBuf[SHA256_LENGTH];
1.1488 +
1.1489 + printf("SHA256, input = %s\n", abc);
1.1490 + SHA256_Hash(outBuf, abc);
1.1491 + dumpHash32(outBuf, sizeof outBuf);
1.1492 +
1.1493 + printf("SHA256, input = %s\n", abcdbc);
1.1494 + SHA256_Hash(outBuf, abcdbc);
1.1495 + dumpHash32(outBuf, sizeof outBuf);
1.1496 +}
1.1497 +
1.1498 +void test224(void)
1.1499 +{
1.1500 + SHA224Context ctx;
1.1501 + unsigned char a1000times[1000];
1.1502 + unsigned int outLen;
1.1503 + unsigned char outBuf[SHA224_LENGTH];
1.1504 + int i;
1.1505 +
1.1506 + /* Test Vector 1 */
1.1507 + printf("SHA224, input = %s\n", abc);
1.1508 + SHA224_Hash(outBuf, abc);
1.1509 + dumpHash32(outBuf, sizeof outBuf);
1.1510 +
1.1511 + /* Test Vector 2 */
1.1512 + printf("SHA224, input = %s\n", abcdbc);
1.1513 + SHA224_Hash(outBuf, abcdbc);
1.1514 + dumpHash32(outBuf, sizeof outBuf);
1.1515 +
1.1516 + /* Test Vector 3 */
1.1517 +
1.1518 + /* to hash one million 'a's perform 1000
1.1519 + * sha224 updates on a buffer with 1000 'a's
1.1520 + */
1.1521 + memset(a1000times, 'a', 1000);
1.1522 + printf("SHA224, input = %s\n", "a one million times");
1.1523 + SHA224_Begin(&ctx);
1.1524 + for (i = 0; i < 1000; i++)
1.1525 + SHA224_Update(&ctx, a1000times, 1000);
1.1526 + SHA224_End(&ctx, outBuf, &outLen, SHA224_LENGTH);
1.1527 + dumpHash32(outBuf, sizeof outBuf);
1.1528 +}
1.1529 +
1.1530 +void
1.1531 +dumpHash64(const unsigned char *buf, unsigned int bufLen)
1.1532 +{
1.1533 + unsigned int i;
1.1534 + for (i = 0; i < bufLen; i += 8) {
1.1535 + if (i % 32 == 0)
1.1536 + printf("\n");
1.1537 + printf(" %02x%02x%02x%02x%02x%02x%02x%02x",
1.1538 + buf[i ], buf[i+1], buf[i+2], buf[i+3],
1.1539 + buf[i+4], buf[i+5], buf[i+6], buf[i+7]);
1.1540 + }
1.1541 + printf("\n");
1.1542 +}
1.1543 +
1.1544 +void test512(void)
1.1545 +{
1.1546 + unsigned char outBuf[SHA512_LENGTH];
1.1547 +
1.1548 + printf("SHA512, input = %s\n", abc);
1.1549 + SHA512_Hash(outBuf, abc);
1.1550 + dumpHash64(outBuf, sizeof outBuf);
1.1551 +
1.1552 + printf("SHA512, input = %s\n", abcdef);
1.1553 + SHA512_Hash(outBuf, abcdef);
1.1554 + dumpHash64(outBuf, sizeof outBuf);
1.1555 +}
1.1556 +
1.1557 +void time512(void)
1.1558 +{
1.1559 + unsigned char outBuf[SHA512_LENGTH];
1.1560 +
1.1561 + SHA512_Hash(outBuf, abc);
1.1562 + SHA512_Hash(outBuf, abcdef);
1.1563 +}
1.1564 +
1.1565 +void test384(void)
1.1566 +{
1.1567 + unsigned char outBuf[SHA384_LENGTH];
1.1568 +
1.1569 + printf("SHA384, input = %s\n", abc);
1.1570 + SHA384_Hash(outBuf, abc);
1.1571 + dumpHash64(outBuf, sizeof outBuf);
1.1572 +
1.1573 + printf("SHA384, input = %s\n", abcdef);
1.1574 + SHA384_Hash(outBuf, abcdef);
1.1575 + dumpHash64(outBuf, sizeof outBuf);
1.1576 +}
1.1577 +
1.1578 +int main (int argc, char *argv[], char *envp[])
1.1579 +{
1.1580 + int i = 1;
1.1581 + if (argc > 1) {
1.1582 + i = atoi(argv[1]);
1.1583 + }
1.1584 + if (i < 2) {
1.1585 + test224();
1.1586 + test256();
1.1587 + test384();
1.1588 + test512();
1.1589 + } else {
1.1590 + while (i-- > 0) {
1.1591 + time512();
1.1592 + }
1.1593 + printf("done\n");
1.1594 + }
1.1595 + return 0;
1.1596 +}
1.1597 +
1.1598 +void *PORT_Alloc(size_t len) { return malloc(len); }
1.1599 +void PORT_Free(void *ptr) { free(ptr); }
1.1600 +void PORT_ZFree(void *ptr, size_t len) { memset(ptr, 0, len); free(ptr); }
1.1601 +#endif
