sha2.c File Reference

#include <string.h>
#include <stdint.h>
#include "sha2.h"
#include "btc/hash.h"

Go to the source code of this file.

Macros
#define	LITTLE_ENDIAN   1234
#define	BIG_ENDIAN   4321
#define	BYTE_ORDER   LITTLE_ENDIAN
#define	SHA256_SHORT_BLOCK_LENGTH   (SHA256_BLOCK_LENGTH - 8)
#define	SHA512_SHORT_BLOCK_LENGTH   (SHA512_BLOCK_LENGTH - 16)
#define	REVERSE32(w, x)
#define	REVERSE64(w, x)
#define	ADDINC128(w, n)
#define	MEMSET_BZERO(p, l)   memset((p), 0, (l))
#define	MEMCPY_BCOPY(d, s, l)   memcpy((d), (s), (l))
#define	R(b, x)   ((x) >> (b))
#define	S32(b, x)   (((x) >> (b)) | ((x) << (32 - (b))))
#define	S64(b, x)   (((x) >> (b)) | ((x) << (64 - (b))))
#define	Ch(x, y, z)   (((x) & (y)) ^ ((~(x)) & (z)))
#define	Maj(x, y, z)   (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
#define	Sigma0_256(x)   (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))
#define	Sigma1_256(x)   (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))
#define	sigma0_256(x)   (S32(7, (x)) ^ S32(18, (x)) ^ R(3, (x)))
#define	sigma1_256(x)   (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))
#define	Sigma0_512(x)   (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))
#define	Sigma1_512(x)   (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))
#define	sigma0_512(x)   (S64(1, (x)) ^ S64(8, (x)) ^ R(7, (x)))
#define	sigma1_512(x)   (S64(19, (x)) ^ S64(61, (x)) ^ R(6, (x)))

Typedefs
typedef uint8_t	sha2_byte
typedef uint32_t	sha2_word32
typedef uint64_t	sha2_word64

Functions
void	sha512_Last (SHA512_CTX *)
void	sha256_Transform (SHA256_CTX *, const sha2_word32 *)
void	sha512_Transform (SHA512_CTX *, const sha2_word64 *)
void	sha256_Init (SHA256_CTX *context)
void	sha256_Update (SHA256_CTX *context, const sha2_byte *data, size_t len)
void	sha256_Final (sha2_byte digest[], SHA256_CTX *context)
void	sha256_Raw (const sha2_byte *data, size_t len, uint8_t digest[SHA256_DIGEST_LENGTH])
void	sha512_Init (SHA512_CTX *context)
void	sha512_Update (SHA512_CTX *context, const sha2_byte *data, size_t len)
void	sha512_Final (sha2_byte digest[], SHA512_CTX *context)
void	sha512_Raw (const sha2_byte *data, size_t len, uint8_t digest[SHA512_DIGEST_LENGTH])
void	hmac_sha256 (const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
void	hmac_sha512 (const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
void	btc_hash (const unsigned char *datain, size_t length, uint256 hashout)
void	btc_hash_sngl_sha256 (const unsigned char *datain, size_t length, uint256 hashout)

Variables
static const sha2_word32	K256 [64]
static const sha2_word32	sha256_initial_hash_value [8]
static const sha2_word64	K512 [80]
static const sha2_word64	sha512_initial_hash_value [8]

Macro Definition Documentation

#define ADDINC128	(		w,
			n
	)

Value:

{                               \
        (w)[0] += (sha2_word64)(n); \
        if ((w)[0] < (n)) {         \
            (w)[1]++;               \
        }                           \
    }

Definition at line 132 of file sha2.c.

Referenced by sha512_Update().

#define BIG_ENDIAN   4321

Definition at line 89 of file sha2.c.

#define BYTE_ORDER   LITTLE_ENDIAN

Definition at line 93 of file sha2.c.

Referenced by sha256_Transform(), and sha512_Transform().

#define Ch	(		x,
			y,
			z
	)		(((x) & (y)) ^ ((~(x)) & (z)))

Definition at line 160 of file sha2.c.

Referenced by sha256_Transform(), and sha512_Transform().

#define LITTLE_ENDIAN   1234

Copyright (c) 2000-2001 Aaron D. Gifford Copyright (c) 2013 Pavol Rusnak Copyright (c) 2015 Jonas Schnelli All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Definition at line 88 of file sha2.c.

Referenced by sha256_Transform(), and sha512_Transform().

#define Maj	(		x,
			y,
			z
	)		(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))

Definition at line 161 of file sha2.c.

Referenced by sha256_Transform(), and sha512_Transform().

#define MEMCPY_BCOPY	(		d,
			s,
			l
	)		memcpy((d), (s), (l))

Definition at line 141 of file sha2.c.

Referenced by sha256_Final(), sha256_Init(), sha256_Update(), sha512_Final(), sha512_Init(), and sha512_Update().

#define MEMSET_BZERO	(		p,
			l
	)		memset((p), 0, (l))

Definition at line 140 of file sha2.c.

Referenced by sha256_Final(), sha256_Init(), sha512_Final(), sha512_Init(), and sha512_Last().

#define R	(		b,
			x
	)		((x) >> (b))

Definition at line 153 of file sha2.c.

#define REVERSE32	(		w,
			x
	)

Value:

{                                                                    \
        sha2_word32 tmp = (w);                                           \
        tmp = (tmp >> 16) | (tmp << 16);                                 \
        (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \
    }

Definition at line 112 of file sha2.c.

Referenced by sha256_Final(), and sha256_Transform().

#define REVERSE64	(		w,
			x
	)

Value:

{                                                                                        \
        sha2_word64 tmp = (w);                                                               \
        tmp = (tmp >> 32) | (tmp << 32);                                                     \
        tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | ((tmp & 0x00ff00ff00ff00ffULL) << 8);   \
        (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | ((tmp & 0x0000ffff0000ffffULL) << 16); \
    }

Definition at line 118 of file sha2.c.

Referenced by sha256_Final(), sha512_Final(), sha512_Last(), and sha512_Transform().

#define S32	(		b,
			x
	)		(((x) >> (b)) | ((x) << (32 - (b))))

Definition at line 155 of file sha2.c.

#define S64	(		b,
			x
	)		(((x) >> (b)) | ((x) << (64 - (b))))

Definition at line 157 of file sha2.c.

#define SHA256_SHORT_BLOCK_LENGTH   (SHA256_BLOCK_LENGTH - 8)

Definition at line 106 of file sha2.c.

Referenced by sha256_Final().

#define SHA512_SHORT_BLOCK_LENGTH   (SHA512_BLOCK_LENGTH - 16)

Definition at line 107 of file sha2.c.

Referenced by sha512_Last().

#define Sigma0_256

(

x

)

(S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x)))

Definition at line 164 of file sha2.c.

Referenced by sha256_Transform().

#define sigma0_256

(

x

)

(S32(7, (x)) ^ S32(18, (x)) ^ R(3, (x)))

Definition at line 166 of file sha2.c.

#define Sigma0_512

(

x

)

(S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x)))

Definition at line 170 of file sha2.c.

Referenced by sha512_Transform().

#define sigma0_512

(

x

)

(S64(1, (x)) ^ S64(8, (x)) ^ R(7, (x)))

Definition at line 172 of file sha2.c.

#define Sigma1_256

(

x

)

(S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x)))

Definition at line 165 of file sha2.c.

Referenced by sha256_Transform().

#define sigma1_256

(

x

)

(S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x)))

Definition at line 167 of file sha2.c.

#define Sigma1_512

(

x

)

(S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x)))

Definition at line 171 of file sha2.c.

Referenced by sha512_Transform().

#define sigma1_512

(

x

)

(S64(19, (x)) ^ S64(61, (x)) ^ R(6, (x)))

Definition at line 173 of file sha2.c.

Typedef Documentation

typedef uint8_t sha2_byte

Definition at line 100 of file sha2.c.

typedef uint32_t sha2_word32

Definition at line 101 of file sha2.c.

typedef uint64_t sha2_word64

Definition at line 102 of file sha2.c.

Function Documentation

void btc_hash	(	const unsigned char *	datain,
		size_t	length,
		uint256	hashout
	)

Definition at line 1026 of file sha2.c.

References sha256_Raw().

Referenced by btc_privkey_verify_pubkey().

{
    //bitcoin double sha256 hash
    sha256_Raw((const uint8_t*)datain, length, hashout);
    sha256_Raw(hashout, 32, hashout);
}

void btc_hash_sngl_sha256	(	const unsigned char *	datain,
		size_t	length,
		uint256	hashout
	)

Definition at line 1033 of file sha2.c.

References sha256_Raw().

{
    sha256_Raw((const uint8_t*)datain, length, hashout);
}

void hmac_sha256	(	const uint8_t *	key,
		const uint32_t	keylen,
		const uint8_t *	msg,
		const uint32_t	msglen,
		uint8_t *	hmac
	)

Definition at line 966 of file sha2.c.

References SHA256_BLOCK_LENGTH, SHA256_DIGEST_LENGTH, sha256_Final(), sha256_Init(), sha256_Raw(), and sha256_Update().

{
    int i;
    uint8_t buf[SHA256_BLOCK_LENGTH], o_key_pad[SHA256_BLOCK_LENGTH],
        i_key_pad[SHA256_BLOCK_LENGTH];
    SHA256_CTX ctx;

    memset(buf, 0, SHA256_BLOCK_LENGTH);
    if (keylen > SHA256_BLOCK_LENGTH) {
        sha256_Raw(key, keylen, buf);
    } else {
        memcpy(buf, key, keylen);
    }

    for (i = 0; i < SHA256_BLOCK_LENGTH; i++) {
        o_key_pad[i] = buf[i] ^ 0x5c;
        i_key_pad[i] = buf[i] ^ 0x36;
    }

    sha256_Init(&ctx);
    sha256_Update(&ctx, i_key_pad, SHA256_BLOCK_LENGTH);
    sha256_Update(&ctx, msg, msglen);
    sha256_Final(buf, &ctx);

    sha256_Init(&ctx);
    sha256_Update(&ctx, o_key_pad, SHA256_BLOCK_LENGTH);
    sha256_Update(&ctx, buf, SHA256_DIGEST_LENGTH);
    sha256_Final(hmac, &ctx);
}

void hmac_sha512	(	const uint8_t *	key,
		const uint32_t	keylen,
		const uint8_t *	msg,
		const uint32_t	msglen,
		uint8_t *	hmac
	)

Definition at line 996 of file sha2.c.

References SHA512_BLOCK_LENGTH, SHA512_DIGEST_LENGTH, sha512_Final(), sha512_Init(), sha512_Raw(), and sha512_Update().

Referenced by btc_hdnode_from_seed(), btc_hdnode_private_ckd(), and btc_hdnode_public_ckd().

{
    int i;
    uint8_t buf[SHA512_BLOCK_LENGTH], o_key_pad[SHA512_BLOCK_LENGTH],
        i_key_pad[SHA512_BLOCK_LENGTH];
    SHA512_CTX ctx;

    memset(buf, 0, SHA512_BLOCK_LENGTH);
    if (keylen > SHA512_BLOCK_LENGTH) {
        sha512_Raw(key, keylen, buf);
    } else {
        memcpy(buf, key, keylen);
    }

    for (i = 0; i < SHA512_BLOCK_LENGTH; i++) {
        o_key_pad[i] = buf[i] ^ 0x5c;
        i_key_pad[i] = buf[i] ^ 0x36;
    }

    sha512_Init(&ctx);
    sha512_Update(&ctx, i_key_pad, SHA512_BLOCK_LENGTH);
    sha512_Update(&ctx, msg, msglen);
    sha512_Final(buf, &ctx);

    sha512_Init(&ctx);
    sha512_Update(&ctx, o_key_pad, SHA512_BLOCK_LENGTH);
    sha512_Update(&ctx, buf, SHA512_DIGEST_LENGTH);
    sha512_Final(hmac, &ctx);
}

void sha256_Final	(	sha2_byte	digest[],
		SHA256_CTX *	context
	)

Definition at line 590 of file sha2.c.

References _SHA256_CTX::bitcount, _SHA256_CTX::buffer, MEMCPY_BCOPY, MEMSET_BZERO, REVERSE32, REVERSE64, SHA256_BLOCK_LENGTH, SHA256_DIGEST_LENGTH, SHA256_SHORT_BLOCK_LENGTH, sha256_Transform(), and _SHA256_CTX::state.

Referenced by hmac_sha256(), and sha256_Raw().

{
    sha2_word32* d = (sha2_word32*)digest;
    unsigned int usedspace;

    /* If no digest buffer is passed, we don't bother doing this: */
    if (digest != (sha2_byte*)0) {
        usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
#if BYTE_ORDER == LITTLE_ENDIAN
        /* Convert FROM host byte order */
        REVERSE64(context->bitcount, context->bitcount);
#endif
        if (usedspace > 0) {
            /* Begin padding with a 1 bit: */
            context->buffer[usedspace++] = 0x80;

            if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
                /* Set-up for the last transform: */
                MEMSET_BZERO(&context->buffer[usedspace], SHA256_SHORT_BLOCK_LENGTH - usedspace);
            } else {
                if (usedspace < SHA256_BLOCK_LENGTH) {
                    MEMSET_BZERO(&context->buffer[usedspace], SHA256_BLOCK_LENGTH - usedspace);
                }
                /* Do second-to-last transform: */
                sha256_Transform(context, (sha2_word32*)context->buffer);

                /* And set-up for the last transform: */
                MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
            }
        } else {
            /* Set-up for the last transform: */
            MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);

            /* Begin padding with a 1 bit: */
            *context->buffer = 0x80;
        }
        /* Set the bit count: */
        sha2_word64* t = (sha2_word64*)&context->buffer[SHA256_SHORT_BLOCK_LENGTH];
        *t = context->bitcount;

        /* Final transform: */
        sha256_Transform(context, (sha2_word32*)context->buffer);

#if BYTE_ORDER == LITTLE_ENDIAN
        {
            /* Convert TO host byte order */
            int j;
            for (j = 0; j < 8; j++) {
                REVERSE32(context->state[j], context->state[j]);
                *d++ = context->state[j];
            }
        }
#else
        MEMCPY_BCOPY(d, context->state, SHA256_DIGEST_LENGTH);
#endif
    }

    /* Clean up state data: */
    MEMSET_BZERO(context, sizeof(SHA256_CTX));
    usedspace = 0;
}

void sha256_Init

(

SHA256_CTX *

context

)

Definition at line 360 of file sha2.c.

References _SHA256_CTX::bitcount, _SHA256_CTX::buffer, MEMCPY_BCOPY, MEMSET_BZERO, SHA256_BLOCK_LENGTH, SHA256_DIGEST_LENGTH, sha256_initial_hash_value, and _SHA256_CTX::state.

Referenced by hmac_sha256(), and sha256_Raw().

{
    if (context == (SHA256_CTX*)0) {
        return;
    }
    MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
    MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
    context->bitcount = 0;
}

void sha256_Raw	(	const sha2_byte *	data,
		size_t	len,
		uint8_t	digest[SHA256_DIGEST_LENGTH]
	)

Definition at line 652 of file sha2.c.

References sha256_Final(), sha256_Init(), and sha256_Update().

Referenced by btc_b58check(), btc_base58_encode_check(), btc_hash(), btc_hash_sngl_sha256(), btc_hdnode_private_ckd(), btc_hdnode_public_ckd(), btc_tx_hash(), btc_tx_sighash(), and hmac_sha256().

{
    SHA256_CTX context;
    sha256_Init(&context);
    sha256_Update(&context, data, len);
    sha256_Final(digest, &context);
}

void sha256_Transform	(	SHA256_CTX *	context,
		const sha2_word32 *	data
	)

Definition at line 463 of file sha2.c.

References _SHA256_CTX::buffer, BYTE_ORDER, Ch, K256, LITTLE_ENDIAN, Maj, REVERSE32, Sigma0_256, Sigma1_256, and _SHA256_CTX::state.

Referenced by sha256_Final(), and sha256_Update().

{
    sha2_word32 a, b, c, d, e, f, g, h, s0, s1;
    sha2_word32 T1, T2, *W256;
    int j;

    W256 = (sha2_word32*)context->buffer;

    /* Initialize registers with the prev. intermediate value */
    a = context->state[0];
    b = context->state[1];
    c = context->state[2];
    d = context->state[3];
    e = context->state[4];
    f = context->state[5];
    g = context->state[6];
    h = context->state[7];

    j = 0;
    do {
#if BYTE_ORDER == LITTLE_ENDIAN
        /* Copy data while converting to host byte order */
        REVERSE32(*data++, W256[j]);
        /* Apply the SHA-256 compression function to update a..h */
        T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j];
#else  /* BYTE_ORDER == LITTLE_ENDIAN */
        /* Apply the SHA-256 compression function to update a..h with copy */
        T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++);
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
        T2 = Sigma0_256(a) + Maj(a, b, c);
        h = g;
        g = f;
        f = e;
        e = d + T1;
        d = c;
        c = b;
        b = a;
        a = T1 + T2;

        j++;
    } while (j < 16);

    do {
        /* Part of the message block expansion: */
        s0 = W256[(j + 1) & 0x0f];
        s0 = sigma0_256(s0);
        s1 = W256[(j + 14) & 0x0f];
        s1 = sigma1_256(s1);

        /* Apply the SHA-256 compression function to update a..h */
        T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] +
             (W256[j & 0x0f] += s1 + W256[(j + 9) & 0x0f] + s0);
        T2 = Sigma0_256(a) + Maj(a, b, c);
        h = g;
        g = f;
        f = e;
        e = d + T1;
        d = c;
        c = b;
        b = a;
        a = T1 + T2;

        j++;
    } while (j < 64);

    /* Compute the current intermediate hash value */
    context->state[0] += a;
    context->state[1] += b;
    context->state[2] += c;
    context->state[3] += d;
    context->state[4] += e;
    context->state[5] += f;
    context->state[6] += g;
    context->state[7] += h;

    /* Clean up */
    a = b = c = d = e = f = g = h = T1 = T2 = 0;
}

void sha256_Update	(	SHA256_CTX *	context,
		const sha2_byte *	data,
		size_t	len
	)

Definition at line 544 of file sha2.c.

References _SHA256_CTX::bitcount, _SHA256_CTX::buffer, MEMCPY_BCOPY, SHA256_BLOCK_LENGTH, and sha256_Transform().

Referenced by hmac_sha256(), and sha256_Raw().

{
    unsigned int freespace, usedspace;

    if (len == 0) {
        /* Calling with no data is valid - we do nothing */
        return;
    }

    usedspace = (context->bitcount >> 3) % SHA256_BLOCK_LENGTH;
    if (usedspace > 0) {
        /* Calculate how much free space is available in the buffer */
        freespace = SHA256_BLOCK_LENGTH - usedspace;

        if (len >= freespace) {
            /* Fill the buffer completely and process it */
            MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
            context->bitcount += freespace << 3;
            len -= freespace;
            data += freespace;
            sha256_Transform(context, (sha2_word32*)context->buffer);
        } else {
            /* The buffer is not yet full */
            MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
            context->bitcount += len << 3;
            /* Clean up: */
            usedspace = freespace = 0;
            return;
        }
    }
    while (len >= SHA256_BLOCK_LENGTH) {
        /* Process as many complete blocks as we can */
        sha256_Transform(context, (const sha2_word32*)data);
        context->bitcount += SHA256_BLOCK_LENGTH << 3;
        len -= SHA256_BLOCK_LENGTH;
        data += SHA256_BLOCK_LENGTH;
    }
    if (len > 0) {
        /* There's left-overs, so save 'em */
        MEMCPY_BCOPY(context->buffer, data, len);
        context->bitcount += len << 3;
    }
    /* Clean up: */
    usedspace = freespace = 0;
}

void sha512_Final	(	sha2_byte	digest[],
		SHA512_CTX *	context
	)

Definition at line 931 of file sha2.c.

References MEMCPY_BCOPY, MEMSET_BZERO, REVERSE64, SHA512_DIGEST_LENGTH, sha512_Last(), and _SHA512_CTX::state.

Referenced by hmac_sha512(), and sha512_Raw().

{
    sha2_word64* d = (sha2_word64*)digest;

    /* If no digest buffer is passed, we don't bother doing this: */
    if (digest != (sha2_byte*)0) {
        sha512_Last(context);

/* Save the hash data for output: */
#if BYTE_ORDER == LITTLE_ENDIAN
        {
            /* Convert TO host byte order */
            int j;
            for (j = 0; j < 8; j++) {
                REVERSE64(context->state[j], context->state[j]);
                *d++ = context->state[j];
            }
        }
#else
        MEMCPY_BCOPY(d, context->state, SHA512_DIGEST_LENGTH);
#endif
    }

    /* Zero out state data */
    MEMSET_BZERO(context, sizeof(SHA512_CTX));
}

void sha512_Init

(

SHA512_CTX *

context

)

Definition at line 662 of file sha2.c.

References _SHA512_CTX::bitcount, _SHA512_CTX::buffer, MEMCPY_BCOPY, MEMSET_BZERO, SHA512_BLOCK_LENGTH, SHA512_DIGEST_LENGTH, sha512_initial_hash_value, and _SHA512_CTX::state.

Referenced by hmac_sha512(), and sha512_Raw().

{
    if (context == (SHA512_CTX*)0) {
        return;
    }
    MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
    MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
    context->bitcount[0] = context->bitcount[1] = 0;
}

void sha512_Last

(

SHA512_CTX *

context

)

Definition at line 886 of file sha2.c.

References _SHA512_CTX::bitcount, _SHA512_CTX::buffer, MEMSET_BZERO, REVERSE64, SHA512_BLOCK_LENGTH, SHA512_SHORT_BLOCK_LENGTH, and sha512_Transform().

Referenced by sha512_Final().

{
    unsigned int usedspace;

    usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
#if BYTE_ORDER == LITTLE_ENDIAN
    /* Convert FROM host byte order */
    REVERSE64(context->bitcount[0], context->bitcount[0]);
    REVERSE64(context->bitcount[1], context->bitcount[1]);
#endif
    if (usedspace > 0) {
        /* Begin padding with a 1 bit: */
        context->buffer[usedspace++] = 0x80;

        if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
            /* Set-up for the last transform: */
            MEMSET_BZERO(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
        } else {
            if (usedspace < SHA512_BLOCK_LENGTH) {
                MEMSET_BZERO(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
            }
            /* Do second-to-last transform: */
            sha512_Transform(context, (sha2_word64*)context->buffer);

            /* And set-up for the last transform: */
            MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
        }
    } else {
        /* Prepare for final transform: */
        MEMSET_BZERO(context->buffer, SHA512_SHORT_BLOCK_LENGTH);

        /* Begin padding with a 1 bit: */
        *context->buffer = 0x80;
    }
    /* Store the length of input data (in bits): */
    sha2_word64* t;
    t = (sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH];
    *t = context->bitcount[1];
    t = (sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH + 8];
    *t = context->bitcount[0];

    /* Final transform: */
    sha512_Transform(context, (sha2_word64*)context->buffer);
}

void sha512_Raw	(	const sha2_byte *	data,
		size_t	len,
		uint8_t	digest[SHA512_DIGEST_LENGTH]
	)

Definition at line 958 of file sha2.c.

References sha512_Final(), sha512_Init(), and sha512_Update().

Referenced by hmac_sha512().

{
    SHA512_CTX context;
    sha512_Init(&context);
    sha512_Update(&context, data, len);
    sha512_Final(digest, &context);
}

void sha512_Transform	(	SHA512_CTX *	context,
		const sha2_word64 *	data
	)

Definition at line 761 of file sha2.c.

References _SHA512_CTX::buffer, BYTE_ORDER, Ch, K512, LITTLE_ENDIAN, Maj, REVERSE64, Sigma0_512, Sigma1_512, and _SHA512_CTX::state.

Referenced by sha512_Last(), and sha512_Update().

{
    sha2_word64 a, b, c, d, e, f, g, h, s0, s1;
    sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer;
    int j;

    /* Initialize registers with the prev. intermediate value */
    a = context->state[0];
    b = context->state[1];
    c = context->state[2];
    d = context->state[3];
    e = context->state[4];
    f = context->state[5];
    g = context->state[6];
    h = context->state[7];

    j = 0;
    do {
#if BYTE_ORDER == LITTLE_ENDIAN
        /* Convert TO host byte order */
        REVERSE64(*data++, W512[j]);
        /* Apply the SHA-512 compression function to update a..h */
        T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j];
#else  /* BYTE_ORDER == LITTLE_ENDIAN */
        /* Apply the SHA-512 compression function to update a..h with copy */
        T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++);
#endif /* BYTE_ORDER == LITTLE_ENDIAN */
        T2 = Sigma0_512(a) + Maj(a, b, c);
        h = g;
        g = f;
        f = e;
        e = d + T1;
        d = c;
        c = b;
        b = a;
        a = T1 + T2;

        j++;
    } while (j < 16);

    do {
        /* Part of the message block expansion: */
        s0 = W512[(j + 1) & 0x0f];
        s0 = sigma0_512(s0);
        s1 = W512[(j + 14) & 0x0f];
        s1 = sigma1_512(s1);

        /* Apply the SHA-512 compression function to update a..h */
        T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
             (W512[j & 0x0f] += s1 + W512[(j + 9) & 0x0f] + s0);
        T2 = Sigma0_512(a) + Maj(a, b, c);
        h = g;
        g = f;
        f = e;
        e = d + T1;
        d = c;
        c = b;
        b = a;
        a = T1 + T2;

        j++;
    } while (j < 80);

    /* Compute the current intermediate hash value */
    context->state[0] += a;
    context->state[1] += b;
    context->state[2] += c;
    context->state[3] += d;
    context->state[4] += e;
    context->state[5] += f;
    context->state[6] += g;
    context->state[7] += h;

    /* Clean up */
    a = b = c = d = e = f = g = h = T1 = T2 = 0;
}

void sha512_Update	(	SHA512_CTX *	context,
		const sha2_byte *	data,
		size_t	len
	)

Definition at line 840 of file sha2.c.

References ADDINC128, _SHA512_CTX::bitcount, _SHA512_CTX::buffer, MEMCPY_BCOPY, SHA512_BLOCK_LENGTH, and sha512_Transform().

Referenced by hmac_sha512(), and sha512_Raw().

{
    unsigned int freespace, usedspace;

    if (len == 0) {
        /* Calling with no data is valid - we do nothing */
        return;
    }

    usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
    if (usedspace > 0) {
        /* Calculate how much free space is available in the buffer */
        freespace = SHA512_BLOCK_LENGTH - usedspace;

        if (len >= freespace) {
            /* Fill the buffer completely and process it */
            MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace);
            ADDINC128(context->bitcount, freespace << 3);
            len -= freespace;
            data += freespace;
            sha512_Transform(context, (sha2_word64*)context->buffer);
        } else {
            /* The buffer is not yet full */
            MEMCPY_BCOPY(&context->buffer[usedspace], data, len);
            ADDINC128(context->bitcount, len << 3);
            /* Clean up: */
            usedspace = freespace = 0;
            return;
        }
    }
    while (len >= SHA512_BLOCK_LENGTH) {
        /* Process as many complete blocks as we can */
        sha512_Transform(context, (const sha2_word64*)data);
        ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
        len -= SHA512_BLOCK_LENGTH;
        data += SHA512_BLOCK_LENGTH;
    }
    if (len > 0) {
        /* There's left-overs, so save 'em */
        MEMCPY_BCOPY(context->buffer, data, len);
        ADDINC128(context->bitcount, len << 3);
    }
    /* Clean up: */
    usedspace = freespace = 0;
}

Variable Documentation

const sha2_word32 K256[64]

static

Definition at line 187 of file sha2.c.

Referenced by sha256_Transform().

const sha2_word64 K512[80]

static

Definition at line 265 of file sha2.c.

Referenced by sha512_Transform().

const sha2_word32 sha256_initial_hash_value[8]

static

Initial value:

= {
    0x6a09e667UL,
    0xbb67ae85UL,
    0x3c6ef372UL,
    0xa54ff53aUL,
    0x510e527fUL,
    0x9b05688cUL,
    0x1f83d9abUL,
    0x5be0cd19UL}

Definition at line 254 of file sha2.c.

Referenced by sha256_Init().

const sha2_word64 sha512_initial_hash_value[8]

static

Initial value:

= {
    0x6a09e667f3bcc908ULL,
    0xbb67ae8584caa73bULL,
    0x3c6ef372fe94f82bULL,
    0xa54ff53a5f1d36f1ULL,
    0x510e527fade682d1ULL,
    0x9b05688c2b3e6c1fULL,
    0x1f83d9abfb41bd6bULL,
    0x5be0cd19137e2179ULL}

Definition at line 348 of file sha2.c.

Referenced by sha512_Init().