sha2.c

Linux 2.6 内核上配置IPSec VPN 的工具

		s0 = W512[(j+1)&0x0f];
		s0 = sigma0_512(s0);
		s1 = W512[(j+14)&0x0f];
		s1 =  sigma1_512(s1);

		/* Apply the SHA-512 compression function to update a..h */
		T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] +
		     (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0);
		T2 = Sigma0_512(a) + Maj(a, b, c);
		h = g;
		g = f;
		f = e;
		e = d + T1;
		d = c;
		c = b;
		b = a;
		a = T1 + T2;

		j++;
	} while (j < 80);

	/* Compute the current intermediate hash value */
	context->state[0] += a;
	context->state[1] += b;
	context->state[2] += c;
	context->state[3] += d;
	context->state[4] += e;
	context->state[5] += f;
	context->state[6] += g;
	context->state[7] += h;

	/* Clean up */
	a = b = c = d = e = f = g = h = T1 = T2 = 0;
}

#endif /* SHA2_UNROLL_TRANSFORM */

void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
	unsigned int	freespace, usedspace;

	if (len == 0) {
		/* Calling with no data is valid - we do nothing */
		return;
	}

	/* Sanity check: */
	assert(context != (SHA512_CTX*)0 && data != (sha2_byte*)0);

	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
	if (usedspace > 0) {
		/* Calculate how much free space is available in the buffer */
		freespace = SHA512_BLOCK_LENGTH - usedspace;

		if (len >= freespace) {
			/* Fill the buffer completely and process it */
			bcopy(data, &context->buffer[usedspace], freespace);
			ADDINC128(context->bitcount, freespace << 3);
			len -= freespace;
			data += freespace;
			SHA512_Transform(context, (sha2_word64*)context->buffer);
		} else {
			/* The buffer is not yet full */
			bcopy(data, &context->buffer[usedspace], len);
			ADDINC128(context->bitcount, len << 3);
			/* Clean up: */
			usedspace = freespace = 0;
			return;
		}
	}
	while (len >= SHA512_BLOCK_LENGTH) {
		/* Process as many complete blocks as we can */
		SHA512_Transform(context, (const sha2_word64*)data);
		ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
		len -= SHA512_BLOCK_LENGTH;
		data += SHA512_BLOCK_LENGTH;
	}
	if (len > 0) {
		/* There's left-overs, so save 'em */
		bcopy(data, context->buffer, len);
		ADDINC128(context->bitcount, len << 3);
	}
	/* Clean up: */
	usedspace = freespace = 0;
}

void SHA512_Last(SHA512_CTX* context) {
	unsigned int	usedspace;

	usedspace = (context->bitcount[0] >> 3) % SHA512_BLOCK_LENGTH;
#if BYTE_ORDER == LITTLE_ENDIAN
	/* Convert FROM host byte order */
	REVERSE64(context->bitcount[0],context->bitcount[0]);
	REVERSE64(context->bitcount[1],context->bitcount[1]);
#endif
	if (usedspace > 0) {
		/* Begin padding with a 1 bit: */
		context->buffer[usedspace++] = 0x80;

		if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
			/* Set-up for the last transform: */
			bzero(&context->buffer[usedspace], SHA512_SHORT_BLOCK_LENGTH - usedspace);
		} else {
			if (usedspace < SHA512_BLOCK_LENGTH) {
				bzero(&context->buffer[usedspace], SHA512_BLOCK_LENGTH - usedspace);
			}
			/* Do second-to-last transform: */
			SHA512_Transform(context, (sha2_word64*)context->buffer);

			/* And set-up for the last transform: */
			bzero(context->buffer, SHA512_BLOCK_LENGTH - 2);
		}
	} else {
		/* Prepare for final transform: */
		bzero(context->buffer, SHA512_SHORT_BLOCK_LENGTH);

		/* Begin padding with a 1 bit: */
		*context->buffer = 0x80;
	}
	/* Store the length of input data (in bits): */
	*(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH] = context->bitcount[1];
	*(sha2_word64*)&context->buffer[SHA512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0];

	/* Final transform: */
	SHA512_Transform(context, (sha2_word64*)context->buffer);
}

void SHA512_Final(sha2_byte digest[], SHA512_CTX* context) {
	sha2_word64	*d = (sha2_word64*)digest;

	/* Sanity check: */
	assert(context != (SHA512_CTX*)0);

	/* If no digest buffer is passed, we don't bother doing this: */
	if (digest != (sha2_byte*)0) {
		SHA512_Last(context);

		/* Save the hash data for output: */
#if BYTE_ORDER == LITTLE_ENDIAN
		{
			/* Convert TO host byte order */
			int	j;
			for (j = 0; j < 8; j++) {
				REVERSE64(context->state[j],context->state[j]);
				*d++ = context->state[j];
			}
		}
#else
		bcopy(context->state, d, SHA512_DIGEST_LENGTH);
#endif
	}

	/* Zero out state data */
	bzero(context, sizeof(*context));
}

char *SHA512_End(SHA512_CTX* context, char buffer[]) {
	sha2_byte	digest[SHA512_DIGEST_LENGTH], *d = digest;
	int		i;

	/* Sanity check: */
	assert(context != (SHA512_CTX*)0);

	if (buffer != (char*)0) {
		SHA512_Final(digest, context);

		for (i = 0; i < SHA512_DIGEST_LENGTH; i++) {
			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
			*buffer++ = sha2_hex_digits[*d & 0x0f];
			d++;
		}
		*buffer = (char)0;
	} else {
		bzero(context, sizeof(*context));
	}
	bzero(digest, SHA512_DIGEST_LENGTH);
	return buffer;
}

char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
	SHA512_CTX	context;

	SHA512_Init(&context);
	SHA512_Update(&context, data, len);
	return SHA512_End(&context, digest);
}


/*** SHA-384: *********************************************************/
void SHA384_Init(SHA384_CTX* context) {
	if (context == (SHA384_CTX*)0) {
		return;
	}
	bcopy(sha384_initial_hash_value, context->state, SHA512_DIGEST_LENGTH);
	bzero(context->buffer, SHA384_BLOCK_LENGTH);
	context->bitcount[0] = context->bitcount[1] = 0;
}

void SHA384_Update(SHA384_CTX* context, const sha2_byte* data, size_t len) {
	SHA512_Update((SHA512_CTX*)context, data, len);
}

void SHA384_Final(sha2_byte digest[], SHA384_CTX* context) {
	sha2_word64	*d = (sha2_word64*)digest;

	/* Sanity check: */
	assert(context != (SHA384_CTX*)0);

	/* If no digest buffer is passed, we don't bother doing this: */
	if (digest != (sha2_byte*)0) {
		SHA512_Last((SHA512_CTX*)context);

		/* Save the hash data for output: */
#if BYTE_ORDER == LITTLE_ENDIAN
		{
			/* Convert TO host byte order */
			int	j;
			for (j = 0; j < 6; j++) {
				REVERSE64(context->state[j],context->state[j]);
				*d++ = context->state[j];
			}
		}
#else
		bcopy(context->state, d, SHA384_DIGEST_LENGTH);
#endif
	}

	/* Zero out state data */
	bzero(context, sizeof(*context));
}

char *SHA384_End(SHA384_CTX* context, char buffer[]) {
	sha2_byte	digest[SHA384_DIGEST_LENGTH], *d = digest;
	int		i;

	/* Sanity check: */
	assert(context != (SHA384_CTX*)0);

	if (buffer != (char*)0) {
		SHA384_Final(digest, context);

		for (i = 0; i < SHA384_DIGEST_LENGTH; i++) {
			*buffer++ = sha2_hex_digits[(*d & 0xf0) >> 4];
			*buffer++ = sha2_hex_digits[*d & 0x0f];
			d++;
		}
		*buffer = (char)0;
	} else {
		bzero(context, sizeof(*context));
	}
	bzero(digest, SHA384_DIGEST_LENGTH);
	return buffer;
}

char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
	SHA384_CTX	context;

	SHA384_Init(&context);
	SHA384_Update(&context, data, len);
	return SHA384_End(&context, digest);
}

/*glue*/
#ifdef HAVE_EVP_097

/* SHA256 */
#define data(ctx) ((SHA256_CTX *)(ctx)->md_data)
static int sha256_init(EVP_MD_CTX *ctx)
{
  SHA256_Init(data(ctx));
  return 1;
}
static int sha256_update(EVP_MD_CTX *ctx, const void *data, unsigned long count)
{
  SHA256_Update(data(ctx), data, count);
  return 1;
}
static int sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
{
  SHA256_Final(md, data(ctx));
  return 1;
}
#undef data

/* SHA384 */
#define data(ctx) ((SHA384_CTX *)(ctx)->md_data)
static int sha384_init(EVP_MD_CTX *ctx)
{
  SHA384_Init(data(ctx));
  return 1;
}
static int sha384_update(EVP_MD_CTX *ctx, const void *data, unsigned long count)
{
  SHA384_Update(data(ctx), data, count);
  return 1;
}
static int sha384_final(EVP_MD_CTX *ctx, unsigned char *md)
{
  SHA384_Final(md, data(ctx));
  return 1;
}
#undef data

/* SHA512 */
#define data(ctx) ((SHA512_CTX *)(ctx)->md_data)
static int sha512_init(EVP_MD_CTX *ctx)
{
  SHA512_Init(data(ctx));
  return 1;
}
static int sha512_update(EVP_MD_CTX *ctx, const void *data, unsigned long count)
{
  SHA512_Update(data(ctx), data, count);
  return 1;
}
static int sha512_final(EVP_MD_CTX *ctx, unsigned char *md)
{
  SHA512_Final(md, data(ctx));
  return 1;
}
#undef data
#endif

static struct env_md_st sha2_256_md = {
	0, /*NID_sha1*/
	0, /*NID_sha1WithRSAEncryption*/
	SHA256_DIGEST_LENGTH,
#ifdef HAVE_EVP_097
	0,			/* flags */
	sha256_init,
	sha256_update,
	sha256_final,
	NULL,			/* copy */
	NULL,			/* cleanup */
#else
	SHA256_Init,
	SHA256_Update,
	SHA256_Final,
#endif
	NULL, NULL, {0, 0, 0, 0},
	SHA256_BLOCK_LENGTH,
	sizeof(struct env_md_st *) + sizeof(SHA256_CTX),
};

struct env_md_st *EVP_sha2_256(void)
{
	return(&sha2_256_md);
}

static struct env_md_st sha2_384_md = {
	0, /*NID_sha1*/
	0, /*NID_sha1WithRSAEncryption*/
	SHA384_DIGEST_LENGTH,
#ifdef HAVE_EVP_097
	0,			/* flags */
	sha384_init,
	sha384_update,
	sha384_final,
	NULL,			/* copy */
	NULL,			/* cleanup */
#else
	SHA384_Init,
	SHA384_Update,
	SHA384_Final,
#endif
	NULL, NULL, {0, 0, 0, 0},
	SHA384_BLOCK_LENGTH,
	sizeof(struct env_md_st *) + sizeof(SHA384_CTX),
};

struct env_md_st *EVP_sha2_384(void)
{
	return(&sha2_384_md);
}

static struct env_md_st sha2_512_md = {
	0, /*NID_sha1*/
	0, /*NID_sha1WithRSAEncryption*/
	SHA512_DIGEST_LENGTH,
#ifdef HAVE_EVP_097
	0,			/* flags */
	sha512_init,
	sha512_update,
	sha512_final,
	NULL,			/* copy */
	NULL,			/* cleanup */
#else
	SHA512_Init,
	SHA512_Update,
	SHA512_Final,
#endif
	NULL, NULL, {0, 0, 0, 0}, /*EVP_PKEY_RSA_method*/
	SHA512_BLOCK_LENGTH,
	sizeof(struct env_md_st *) + sizeof(SHA512_CTX),
};

struct env_md_st *EVP_sha2_512(void)
{
	return(&sha2_512_md);
}